fusioncop / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java

ClickjackFilter after doFilter #283

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
I have used the ClickjackFilter, but I noticed that in some cases the header
simply was not set on the response. I looked at the code and noticed that the
header is added after chain.doFilter(request, response).

This seems to be a problem at least in Tomcat 6. I moved
res.addHeader("X-FRAME-OPTIONS", mode) before chain.doFilter(request,
response) and it worked fine in every case.

There is also discussion about this on Stack Overflow:
http://stackoverflow.com/questions/11371755/clickjacking-filter-to-add-x-frame-options-in-response

I would suggest moving it before doFilter. 

Best, 
Ronald

Original issue reported on code.google.com by ronald.p...@googlemail.com on 17 Aug 2012 at 6:41
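The ordering the reporter describes matters because of how the Servlet API treats a committed response: once a downstream servlet or JSP has flushed the first bytes of the body, the status line and headers have already gone to the client, and any header set afterwards is silently discarded by the container. A filter that sets X-Frame-Options after chain.doFilter() therefore protects only responses that happen not to be committed yet. The filter below is an added example written for this page, not ESAPI's ClickjackFilter or any of its code; it sets the header before handing off to the chain, validates the configured mode, and assumes the javax.servlet API on the classpath and an init-param named "mode" (both assumptions, not taken from the project).

```java
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/**
 * Illustrative anti-clickjacking filter (example code, not ESAPI's ClickjackFilter).
 *
 * The header is written BEFORE chain.doFilter(). Once a downstream servlet or JSP
 * commits the response (flushes its first bytes), the container ignores any header
 * added afterwards, which is exactly the symptom described in the issue above.
 */
public class FrameOptionsFilter implements Filter {

    private static final String HEADER = "X-Frame-Options";

    // Default to the most restrictive policy if nothing is configured.
    private String mode = "DENY";

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        // "mode" is an assumed init-param name for this example.
        String configured = cfg.getInitParameter("mode");
        if (configured != null) {
            configured = configured.trim().toUpperCase();
            // Only the two values every browser understands; reject anything else
            // at startup rather than shipping a header browsers will ignore.
            if (!configured.equals("DENY") && !configured.equals("SAMEORIGIN")) {
                throw new ServletException("Unsupported X-Frame-Options mode: " + configured);
            }
            mode = configured;
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (res instanceof HttpServletResponse) {
            HttpServletResponse http = (HttpServletResponse) res;
            // setHeader (not addHeader) so a filter mapped twice cannot emit
            // duplicate values; done before the chain so it cannot be dropped
            // by a committed response.
            http.setHeader(HEADER, mode);
        }
        chain.doFilter(req, res);
        // Intentionally nothing here: after doFilter the response may already
        // be committed and header changes would be lost.
    }

    @Override
    public void destroy() {
        // no resources to release
    }
}
```

To apply it to every response, map the filter to /* in web.xml (or with @WebFilter("/*") on Servlet 3.0+) and place it ahead of any filter that might write to the response body. A quick check after deployment is to fetch a page that streams or flushes early (a large JSP, a file download) with curl -I and confirm X-Frame-Options is present; that is the case a header-after-doFilter implementation gets wrong.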