[
https://issues.apache.org/jira/browse/SLING-7760?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17027587#comment-17027587
]
Jason E Bailey commented on SLING-7760:
---------------------------------------
I've been considering this a lot. It's true that I could write a REQUEST Filter
would be able to apply for my personal needs. What I was looking for, is a way
to incorporate a feature within Sling that would support headers being applied
when needed.
The reason that I feel a header feature is appropriate is that headers have to
be applied prior to any writes that occur. Sling is a framework that supports
many different models of development. Including working with other peoples
frameworks and adding other peoples "plugins" to provide new features. I then
start down a rabbit hole where, if I use a filter, I have no guarantee that it
will be the first one called. The only place that you can guarantee that
headers will always be applied appropriately is in the Main Servlet. Which, I
believe, is the same reason that the static headers are there.
How about this proposal.
I'm going back to the services approach.
Leave the static headers alone. Additionally, create a service interface that
takes the request path and returns a list of headers that applies to that
request. Whether the service that implements the interface then performs a
context aware lookup, or it does pattern matching, or whatever, would then be
left up to the individuals implementing the application. That way an
implementer can be assured that their feature they are adding will not have any
downstream conflicts.
I'm pretty sure that I can do this in such a way as to have a minimal impact to
the code and not change the current flow. By doing it the same way as the
current static headers are applied except use a a static concurrent mapping of
services.
> Sling Main Servlet - Change header configuration to a service
> -------------------------------------------------------------
>
> Key: SLING-7760
> URL: https://issues.apache.org/jira/browse/SLING-7760
> Project: Sling
> Issue Type: Improvement
> Reporter: Jason E Bailey
> Assignee: Jason E Bailey
> Priority: Major
>
> The ability to set headers must be done prior to any writing that occurs the
> output stream. This is the reason why the headers are set to be configured in
> the Sling Main Servlet.
> With Sling being used to maintain multiple sites, having a single set of
> response headers creates problems where the header provides a non tailored
> response. One site may have a conflicting set of requirements then another
> site.
> If the setting of headers was moved from being a configuration to being a
> service used by the Main Servlet, this would allow the following:
> * Headers set on a per site basis
> * Headers based on selected resource
> * Ability to modify the headers without causing the restart of the Sling
> Main Servlet
> ** Which if you're dealing with CSP headers can be a constant pain
> * Ability to create a CSP configuration Service that eases the use of CSP
> creation
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
