[ https://issues.apache.org/jira/browse/SLING-7760?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17027587#comment-17027587 ]
Jason E Bailey commented on SLING-7760: --------------------------------------- I've been considering this a lot. It's true that I could write a REQUEST Filter would be able to apply for my personal needs. What I was looking for, is a way to incorporate a feature within Sling that would support headers being applied when needed. The reason that I feel a header feature is appropriate is that headers have to be applied prior to any writes that occur. Sling is a framework that supports many different models of development. Including working with other peoples frameworks and adding other peoples "plugins" to provide new features. I then start down a rabbit hole where, if I use a filter, I have no guarantee that it will be the first one called. The only place that you can guarantee that headers will always be applied appropriately is in the Main Servlet. Which, I believe, is the same reason that the static headers are there. How about this proposal. I'm going back to the services approach. Leave the static headers alone. Additionally, create a service interface that takes the request path and returns a list of headers that applies to that request. Whether the service that implements the interface then performs a context aware lookup, or it does pattern matching, or whatever, would then be left up to the individuals implementing the application. That way an implementer can be assured that their feature they are adding will not have any downstream conflicts. I'm pretty sure that I can do this in such a way as to have a minimal impact to the code and not change the current flow. By doing it the same way as the current static headers are applied except use a a static concurrent mapping of services. > Sling Main Servlet - Change header configuration to a service > ------------------------------------------------------------- > > Key: SLING-7760 > URL: https://issues.apache.org/jira/browse/SLING-7760 > Project: Sling > Issue Type: Improvement > Reporter: Jason E Bailey > Assignee: Jason E Bailey > Priority: Major > > The ability to set headers must be done prior to any writing that occurs the > output stream. This is the reason why the headers are set to be configured in > the Sling Main Servlet. > With Sling being used to maintain multiple sites, having a single set of > response headers creates problems where the header provides a non tailored > response. One site may have a conflicting set of requirements then another > site. > If the setting of headers was moved from being a configuration to being a > service used by the Main Servlet, this would allow the following: > * Headers set on a per site basis > * Headers based on selected resource > * Ability to modify the headers without causing the restart of the Sling > Main Servlet > ** Which if you're dealing with CSP headers can be a constant pain > * Ability to create a CSP configuration Service that eases the use of CSP > creation > > -- This message was sent by Atlassian Jira (v8.3.4#803005)