Hello All, We're looking for ways to add different http security headers like X-Frame-Options, X-XSS-Protection and others into the http response. We're using Tapestry 5.4.3.
One way I found was to add a additional filter in web.xml before the Tapestry Filter takes over but then it add the headers to all the requests like for static files and not sure if X-Frame-Options header etc should be included for the response of such type of requests. Feel like we should wait till Tapestry done handling the request and then add the security headers before the response goes to the client but could not find how to do it In Tapestry. is there a better way to do this in Tapestry? Thanks for your help !
