On Wed, Oct 3, 2018 at 3:00 PM Ajay Arora <toajayar...@gmail.com> wrote:

> Thank you for the quick response and solution.
>
> Does this way of putting the headers give us any advantages over having a
> filter in front of the Tapestry filter, like maybe better performance?

I cannot think how any option would be faster than the other, so I suggest you do it in a RequestFilter, where you have everything in Tapestry and Tapestry-IoC at your disposal.

> I believe the built-in Tapestry filters would be called before any custom
> filter(s) and one of those filters like 'StaticFilesFilter' might skip some
> requests going further to the new custom filter? And, I still need to
> parse the resource type in the custom filter before setting a particular header,
> like x-frame-options does not make sense for an image?
>
> Thanks for your help!
>
>
> On Wed, Oct 3, 2018 at 12:11 PM Ben Weidig <b...@netzgut.net> wrote:
>
> > Hi,
> >
> > you could use an org.apache.tapestry5.services.RequestFilter.class to access
> > the response (
> > http://tapestry.apache.org/current/apidocs//org/apache/tapestry5/services/RequestFilter.html
> > )
> >
> > Something like this (untested code):
> >
> > public class MySecurityHeadersRequestFilter implements RequestFilter {
> >
> >     @Override
> >     public boolean service(Request request, Response response,
> >             RequestHandler handler) throws IOException {
> >         response.addHeader("X-Frame-Options", "my options");
> >         return handler.service(request, response);
> >     }
> > }
> >
> > Then just contribute it in a module:
> >
> > public static void contributeRequestHandler(OrderedConfiguration<RequestFilter> conf) {
> >     conf.addInstance("my-security-headers", MySecurityHeadersRequestFilter.class);
> > }
> >
> > On Wed, Oct 3, 2018 at 5:59 PM Ajay Arora <toajayar...@gmail.com> wrote:
> >
> > > Hello All,
> > >
> > > We're looking for ways to add different http security headers
> > > like X-Frame-Options, X-XSS-Protection and others into the http response.
> > > We're using Tapestry 5.4.3.
> > >
> > > One way I found was to add an additional filter in web.xml before the
> > > Tapestry Filter takes over, but then it adds the headers to all the requests,
> > > like for static files, and not sure if X-Frame-Options header etc. should be
> > > included for the response of such type of requests.
> > >
> > > Feel like we should wait till Tapestry is done handling the request and then
> > > add the security headers before the response goes to the client, but could
> > > not find how to do it in Tapestry.
> > >
> > > Is there a better way to do this in Tapestry?
> > >
> > > Thanks for your help!
> >
> > Ben
> > --
> > Netzgut GmbH

--
Thiago
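
Added example, not part of the original thread and not Tapestry's own code: a RequestFilter that takes up the resource-type question raised in the thread by sending the framing and XSS headers only for paths that do not look like static resources. The `/assets/` prefix, the extension list and the header values are assumptions to adjust per application; the filter is contributed the same way as the one in Ben's message.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

import org.apache.tapestry5.services.Request;
import org.apache.tapestry5.services.RequestFilter;
import org.apache.tapestry5.services.RequestHandler;
import org.apache.tapestry5.services.Response;

public class SecurityHeadersRequestFilter implements RequestFilter {

    // Assumption: assets are served under the default "/assets/" prefix.
    private static final String ASSET_PREFIX = "/assets/";

    // Assumption: extensions this application treats as non-document resources.
    private static final Set<String> STATIC_EXTENSIONS = new HashSet<String>(
            Arrays.asList("css", "js", "png", "jpg", "gif", "ico", "woff", "woff2"));

    @Override
    public boolean service(Request request, Response response, RequestHandler handler)
            throws IOException {
        // Set headers before delegating: once the response is committed they are ignored.
        // setHeader (not addHeader) avoids sending the same header twice.
        response.setHeader("X-Content-Type-Options", "nosniff");

        if (!isStaticResource(request.getPath())) {
            // Assumption taken from the thread: framing and XSS-filter headers
            // are only wanted on rendered documents, not on images or scripts.
            response.setHeader("X-Frame-Options", "SAMEORIGIN");
            response.setHeader("X-XSS-Protection", "1; mode=block");
        }
        return handler.service(request, response);
    }

    // Request.getPath() excludes the context path and the query string.
    static boolean isStaticResource(String path) {
        if (path.startsWith(ASSET_PREFIX)) {
            return true;
        }
        int slash = path.lastIndexOf('/');
        int dot = path.lastIndexOf('.');
        if (dot <= slash) {
            return false; // no extension in the last path segment
        }
        return STATIC_EXTENSIONS.contains(path.substring(dot + 1).toLowerCase(Locale.ROOT));
    }
}
```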