Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

Adding a response header to specific resources

Avatar

Avatar
Validate 1
Level 1
Prem_IB
Level 1

Likes

0 likes

Total Posts

10 posts

Correct Reply

0 solutions
Top badges earned
Validate 1
View profile

Avatar
Validate 1
Level 1
Prem_IB
Level 1

Likes

0 likes

Total Posts

10 posts

Correct Reply

0 solutions
Top badges earned
Validate 1
View profile
Prem_IB
Level 1

22-02-2021

I am trying to add response header, specifically - Content-Security-Policy script-src to requests on resources under /content/dam/ or resources with .png extension.  Should I add the filters on sling? or is there any other way to it directly add headers on dispatcher.

AEM 6.5 Apache Dispatcher header

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar
Validate 1
MVP
raj_mandalapu
MVP

Likes

124 likes

Total Posts

203 posts

Correct Reply

72 solutions
Top badges earned
Validate 1
Contributor
Shape 1
Give Back 5
Give Back 3
View profile

Avatar
Validate 1
MVP
raj_mandalapu
MVP

Likes

124 likes

Total Posts

203 posts

Correct Reply

72 solutions
Top badges earned
Validate 1
Contributor
Shape 1
Give Back 5
Give Back 3
View profile
raj_mandalapu
MVP

22-02-2021

There are two approaches, using sling filters or adding this in the Apache layer

If you go with the filter you need to put proper conditions because the filter executes for every request. you need to put the proper pattern and also need to put condition only to execute images files something like .svg, png, etc.

check below link, it sets header location header

http://www.coderss.in/aem-sling-filters-2/

The other way is handling this at the apache level, refer to the below articles. I prefer to use Apache configurations.

https://stackoverflow.com/questions/42791279/how-to-set-apache-conditional-header-based-on-url

https://ole.michelsen.dk/blog/secure-your-website-with-content-security-policy/

 

Answers (0)