tapestry-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Weidig <...@netzgut.net>
Subject Re: Add HTTP security Headers in the response
Date Wed, 03 Oct 2018 16:11:39 GMT
Hi,

you could use a org.apache.tapestry5.services.RequestFilter.class to access
the response (
http://tapestry.apache.org/current/apidocs//org/apache/tapestry5/services/RequestFilter.html
)

Something like this (untested code):

public class MySecurityHeadersRequestFilter implements RequestFilter {

    @Override
    public boolean service(Request request, Response response,
RequestHandler handler) throws IOException {
        response.addHeader("X-Frame-Options", "my options");
        return handler.service(request, response);
    }
}

Then just contribute it in a module:

public static void
contributeRequestHandler(OrderedConfiguration<RequestFilter> conf) {
    conf.addInstance("my-security-headers",
MySecurityHeadersRequestFilter.class);
}

On Wed, Oct 3, 2018 at 5:59 PM Ajay Arora <toajayarora@gmail.com> wrote:

> Hello All,
>
> We're looking for ways to add different http security headers
> like X-Frame-Options, X-XSS-Protection and others into the http response.
> We're using Tapestry 5.4.3.
>
> One way I found was to add a additional filter in web.xml before the
> Tapestry Filter takes over but then it add the headers to all the requests
> like for static files and not sure if  X-Frame-Options header etc should be
> included for the response of such type of requests.
>
> Feel like we should wait till Tapestry done handling the request and then
> add the security headers before the response goes to the client but could
> not find how to do it In Tapestry.
>
> is there a better way to do this in Tapestry?
>
> Thanks for your help !
>


Ben
-- 

Netzgut GmbH

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message