You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Carsten Ziegeler (Jira)" <ji...@apache.org> on 2020/01/19 10:52:00 UTC

[jira] [Comment Edited] (SLING-7760) Sling Main Servlet - Change header configuration to a service

    [ https://issues.apache.org/jira/browse/SLING-7760?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17018870#comment-17018870 ] 

Carsten Ziegeler edited comment on SLING-7760 at 1/19/20 10:51 AM:
-------------------------------------------------------------------

I regard the current way as a global setting applying to all requests; I guess the other option would have been to come up with a filter.

Now, I think for your problem, the better option is to provider a Sling servlet filter for REQUEST. This is the first thing that gets called and you can set your per site headers there (and are able to override the global ones if needed).
It might make sense to come up with such a filter as part of the context aware configurations, but I have the feeling that the engine is the wrong place as it does not know anything about applications


was (Author: cziegeler):
I see the current way as a global setting applying to all requests; I guess the other option would have been to come up with a filter.

Now, I think for your problem, the better option is to provider a Sling servlet filter for REQUEST. This is the first thing that gets called and you can set your per site headers there (and are able to override the global ones if needed).
It might make sense to come up with such a filter as part of the context aware configurations, but I have the feeling that the engine is the wrong place as it does not know anything about applications

> Sling Main Servlet - Change header configuration to a service
> -------------------------------------------------------------
>
>                 Key: SLING-7760
>                 URL: https://issues.apache.org/jira/browse/SLING-7760
>             Project: Sling
>          Issue Type: Improvement
>            Reporter: Jason E Bailey
>            Assignee: Jason E Bailey
>            Priority: Major
>
> The ability to set headers must be done prior to any writing that occurs the output stream. This is the reason why the headers are set to be configured in the Sling Main Servlet.
> With Sling being used to maintain multiple sites, having a single set of response headers creates problems where the header provides a non tailored response. One site may have a conflicting set of requirements then another site.
> If the setting of headers was moved from being a configuration to being a service used by the Main Servlet, this would allow the following:
>  * Headers set on a per site basis
>  * Headers based on selected resource
>  * Ability to modify the headers without causing the restart of the Sling Main Servlet
>  ** Which if you're dealing with CSP headers can be a constant pain
>  * Ability to create a CSP configuration Service that eases the use of CSP creation
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)