tapestry-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Weidig <...@netzgut.net>
Subject Re: Add HTTP security Headers in the response
Date Wed, 03 Oct 2018 16:11:39 GMT

you could use a org.apache.tapestry5.services.RequestFilter.class to access
the response (

Something like this (untested code):

public class MySecurityHeadersRequestFilter implements RequestFilter {

    public boolean service(Request request, Response response,
RequestHandler handler) throws IOException {
        response.addHeader("X-Frame-Options", "my options");
        return handler.service(request, response);

Then just contribute it in a module:

public static void
contributeRequestHandler(OrderedConfiguration<RequestFilter> conf) {

On Wed, Oct 3, 2018 at 5:59 PM Ajay Arora <toajayarora@gmail.com> wrote:

> Hello All,
> We're looking for ways to add different http security headers
> like X-Frame-Options, X-XSS-Protection and others into the http response.
> We're using Tapestry 5.4.3.
> One way I found was to add a additional filter in web.xml before the
> Tapestry Filter takes over but then it add the headers to all the requests
> like for static files and not sure if  X-Frame-Options header etc should be
> included for the response of such type of requests.
> Feel like we should wait till Tapestry done handling the request and then
> add the security headers before the response goes to the client but could
> not find how to do it In Tapestry.
> is there a better way to do this in Tapestry?
> Thanks for your help !


Netzgut GmbH

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message