I am trying to add response header, specifically - Content-Security-Policy script-src to requests on resources under /content/dam/ or resources with .png extension. Should I add the filters on sling? or is there any other way to it directly add headers on dispatcher.
There are two approaches, using sling filters or adding this in the Apache layer
If you go with the filter you need to put proper conditions because the filter executes for every request. you need to put the proper pattern and also need to put condition only to execute images files something like .svg, png, etc.
check below link, it sets header location header
http://www.coderss.in/aem-sling-filters-2/
The other way is handling this at the apache level, refer to the below articles. I prefer to use Apache configurations.
https://stackoverflow.com/questions/42791279/how-to-set-apache-conditional-header-based-on-url
https://ole.michelsen.dk/blog/secure-your-website-with-content-security-policy/
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.