Fix for issue #289

Arpit Gupta · Arpit Gupta · commit 2dbb41911222 · 2015-01-01T17:31:33.000+05:30
#289 When using ClickJackFilter, In some cases response header is not set. http://stackoverflow.com/questions/11371755/clickjacking-filter-to-add-x -frame-options-in-response
diff --git a/src/main/java/org/owasp/esapi/filters/ClickjackFilter.java b/src/main/java/org/owasp/esapi/filters/ClickjackFilter.java
@@ -95,8 +95,8 @@ public void init(FilterConfig filterConfig) {
 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
 	{
         HttpServletResponse res = (HttpServletResponse)response;
-        chain.doFilter(request, response);
         res.addHeader("X-FRAME-OPTIONS", mode );
+        chain.doFilter(request, response);
 	}
 
 	/**

Original file line number	Diff line number	Diff line change
`@@ -95,8 +95,8 @@ public void init(FilterConfig filterConfig) {`
`95`	`95`	`public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException`
`96`	`96`	`{`
`97`	`97`	`HttpServletResponse res = (HttpServletResponse)response;`
`98`		`- chain.doFilter(request, response);`
`99`	`98`	`res.addHeader("X-FRAME-OPTIONS", mode );`
	`99`	`+ chain.doFilter(request, response);`
`100`	`100`	`}`
`101`	`101`
`102`	`102`	`/**`