[jira] [Commented] (SLING-7760) Sling Main Servlet - Change header configuration to a service

Fri, 31 Jan 2020 16:24:42 -0800 


    [ 
https://issues.apache.org/jira/browse/SLING-7760?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17027904#comment-17027904
 ] 

Carsten Ziegeler commented on SLING-7760:
-----------------------------------------

Totally agree that we must not pass the whole response object down, we could 
pass a stripped down version which in the first iteration only allows to set 
headers.
But :) as mentioned you can do the same with filters, filters have an ordering 
which is configurable and you can configure it in a way that it runs first  - 
now granted, there might be other filters that have the same idea of being the 
first and use the same configuration value. But that can be fixed by 
configuring them to run a little bit later. Thats the whole point of making it 
possible to define the order of filters - it requires the knowledge of all 
filters in the system, but you should have this anyways.

> Sling Main Servlet - Change header configuration to a service
> -------------------------------------------------------------
>
>                 Key: SLING-7760
>                 URL: https://issues.apache.org/jira/browse/SLING-7760
>             Project: Sling
>          Issue Type: Improvement
>            Reporter: Jason E Bailey
>            Assignee: Jason E Bailey
>            Priority: Major
>
> The ability to set headers must be done prior to any writing that occurs the 
> output stream. This is the reason why the headers are set to be configured in 
> the Sling Main Servlet.
> With Sling being used to maintain multiple sites, having a single set of 
> response headers creates problems where the header provides a non tailored 
> response. One site may have a conflicting set of requirements then another 
> site.
> If the setting of headers was moved from being a configuration to being a 
> service used by the Main Servlet, this would allow the following:
>  * Headers set on a per site basis
>  * Headers based on selected resource
>  * Ability to modify the headers without causing the restart of the Sling 
> Main Servlet
>  ** Which if you're dealing with CSP headers can be a constant pain
>  * Ability to create a CSP configuration Service that eases the use of CSP 
> creation
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to