Hi, you could use a org.apache.tapestry5.services.RequestFilter.class to access the response ( http://tapestry.apache.org/current/apidocs//org/apache/tapestry5/services/RequestFilter.html )
Something like this (untested code): public class MySecurityHeadersRequestFilter implements RequestFilter { @Override public boolean service(Request request, Response response, RequestHandler handler) throws IOException { response.addHeader("X-Frame-Options", "my options"); return handler.service(request, response); } } Then just contribute it in a module: public static void contributeRequestHandler(OrderedConfiguration<RequestFilter> conf) { conf.addInstance("my-security-headers", MySecurityHeadersRequestFilter.class); } On Wed, Oct 3, 2018 at 5:59 PM Ajay Arora <toajayar...@gmail.com> wrote: > Hello All, > > We're looking for ways to add different http security headers > like X-Frame-Options, X-XSS-Protection and others into the http response. > We're using Tapestry 5.4.3. > > One way I found was to add a additional filter in web.xml before the > Tapestry Filter takes over but then it add the headers to all the requests > like for static files and not sure if X-Frame-Options header etc should be > included for the response of such type of requests. > > Feel like we should wait till Tapestry done handling the request and then > add the security headers before the response goes to the client but could > not find how to do it In Tapestry. > > is there a better way to do this in Tapestry? > > Thanks for your help ! > Ben -- Netzgut GmbH