Expand my Community achievements bar.

SOLVED

Adding a response header to specific resources

Avatar

Level 2
Level 2
2/22/21 8:27:16 PM

I am trying to add response header, specifically - Content-Security-Policy script-src to requests on resources under /content/dam/ or resources with .png extension.  Should I add the filters on sling? or is there any other way to it directly add headers on dispatcher.

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

6.5 Dispatcher

Views

3.7K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 8
Level 8
2/22/21 11:04:25 PM

There are two approaches, using sling filters or adding this in the Apache layer

If you go with the filter you need to put proper conditions because the filter executes for every request. you need to put the proper pattern and also need to put condition only to execute images files something like .svg, png, etc.

check below link, it sets header location header

http://www.coderss.in/aem-sling-filters-2/

The other way is handling this at the apache level, refer to the below articles. I prefer to use Apache configurations.

https://stackoverflow.com/questions/42791279/how-to-set-apache-conditional-header-based-on-url

https://ole.michelsen.dk/blog/secure-your-website-with-content-security-policy/

 

View solution in original post

Views

3.7K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
1 Reply

Avatar

Correct answer by
Level 8
Level 8
2/22/21 11:04:25 PM

There are two approaches, using sling filters or adding this in the Apache layer

If you go with the filter you need to put proper conditions because the filter executes for every request. you need to put the proper pattern and also need to put condition only to execute images files something like .svg, png, etc.

check below link, it sets header location header

http://www.coderss.in/aem-sling-filters-2/

The other way is handling this at the apache level, refer to the below articles. I prefer to use Apache configurations.

https://stackoverflow.com/questions/42791279/how-to-set-apache-conditional-header-based-on-url

https://ole.michelsen.dk/blog/secure-your-website-with-content-security-policy/

 

Views

3.7K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
Want to get the content of YAML files instead of downloading them (AEM 6.5)

Views

78

Likes

0

Replies

2
Cloud Manager - Error connecting to our backend systems

Views

91

Likes

0

Replies

2
Pages are appearing white while migrating code from on-premise to cloud

Views

124

Like

1

Replies

3
Disable dispatcher caching for specific requests

Views

148

Like

1

Replies

5
Fix CACHE-CONTROL maxAge for client libraries - to ensure immediate deployment of new code

Views

281

Like

1

Replies

12