You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Carsten Ziegeler (Jira)" <ji...@apache.org> on 2020/02/01 00:24:00 UTC

[jira] [Commented] (SLING-7760) Sling Main Servlet - Change header configuration to a service

    [ https://issues.apache.org/jira/browse/SLING-7760?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17027904#comment-17027904 ] 

Carsten Ziegeler commented on SLING-7760:
-----------------------------------------

Totally agree that we must not pass the whole response object down, we could pass a stripped down version which in the first iteration only allows to set headers.
But :) as mentioned you can do the same with filters, filters have an ordering which is configurable and you can configure it in a way that it runs first  - now granted, there might be other filters that have the same idea of being the first and use the same configuration value. But that can be fixed by configuring them to run a little bit later. Thats the whole point of making it possible to define the order of filters - it requires the knowledge of all filters in the system, but you should have this anyways.

> Sling Main Servlet - Change header configuration to a service
> -------------------------------------------------------------
>
>                 Key: SLING-7760
>                 URL: https://issues.apache.org/jira/browse/SLING-7760
>             Project: Sling
>          Issue Type: Improvement
>            Reporter: Jason E Bailey
>            Assignee: Jason E Bailey
>            Priority: Major
>
> The ability to set headers must be done prior to any writing that occurs the output stream. This is the reason why the headers are set to be configured in the Sling Main Servlet.
> With Sling being used to maintain multiple sites, having a single set of response headers creates problems where the header provides a non tailored response. One site may have a conflicting set of requirements then another site.
> If the setting of headers was moved from being a configuration to being a service used by the Main Servlet, this would allow the following:
>  * Headers set on a per site basis
>  * Headers based on selected resource
>  * Ability to modify the headers without causing the restart of the Sling Main Servlet
>  ** Which if you're dealing with CSP headers can be a constant pain
>  * Ability to create a CSP configuration Service that eases the use of CSP creation
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)