package org.frankframework.web.filters;

import java.io.IOException;
import java.util.LinkedList;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter;

/* loaded from: input_file:org/frankframework/web/filters/CspFilter.class */
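/**
 * Servlet filter that adds browser-side hardening headers to every HTTP response.
 *
 * <p>It writes a fixed Content-Security-Policy through Spring Security's
 * {@link ContentSecurityPolicyHeaderWriter} and sets {@code X-Content-Type-Options},
 * {@code X-Frame-Options} and {@code X-XSS-Protection} before handing the request to the
 * rest of the chain.
 *
 * <p>The property {@code cspheader.reportOnly} (default {@code false}) is passed to the
 * writer's report-only switch. NOTE(review): {@code @Value} is only resolved when Spring
 * creates or autowires this instance; if the servlet container instantiates the filter
 * directly the field stays {@code false}, i.e. the policy is enforced. Confirm how the
 * filter is registered.
 */
public class CspFilter implements Filter {
    private ContentSecurityPolicyHeaderWriter cspWriter;

    @Value("${cspheader.reportOnly:false}")
    private boolean reportOnly;

    /**
     * Builds the policy string once and configures the header writer with it.
     *
     * @param filterConfig container-supplied configuration; not read by this filter
     * @throws ServletException declared by the {@link Filter} contract; not thrown here
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.cspWriter = new ContentSecurityPolicyHeaderWriter();
        LinkedList<String> directives = new LinkedList<>();
        directives.add("default-src 'self';");
        // 'unsafe-inline' allows inline <style> blocks and style attributes, so the style
        // directive does not restrict injected inline styles.
        directives.add("style-src 'self' https://fonts.googleapis.com/css 'unsafe-inline';");
        directives.add("font-src 'self' https://fonts.gstatic.com;");
        // NOTE(review): two weak spots in script-src worth tracking:
        //  - 'unsafe-eval' permits eval()/new Function() and similar string-to-code sinks.
        //  - 'nonce-ffVersion' is a constant literal. A CSP nonce only protects when it is
        //    unpredictable and regenerated per response; a fixed value can be copied into
        //    injected markup. Confirm whether the frontend still needs it and, if so,
        //    whether a hash or a per-response nonce can replace it.
        directives.add("script-src 'self' 'unsafe-eval' 'nonce-ffVersion' 'sha256-nTT9HlzZYsLZk5BbdhMKiMCvEgbfaqTeueMbRW8r6Ak=';");
        directives.add("connect-src 'self' https://ibissource.org/iaf/releases/;");
        directives.add("img-src 'self' data:;");
        directives.add("frame-ancestors 'self';");
        // Form submissions are blocked for every target, including same-origin ones.
        directives.add("form-action 'none';");
        this.cspWriter.setPolicyDirectives(StringUtils.join(directives, " "));
        // The flag is read once here; a later change to the property has no effect on
        // an already initialised filter.
        this.cspWriter.setReportOnly(this.reportOnly);
    }

    /**
     * Writes the CSP header and the additional hardening headers, then continues the chain.
     *
     * <p>Headers are set before {@code filterChain.doFilter} so they are in place before
     * downstream components produce the response. Non-HTTP requests or responses are
     * passed through untouched instead of failing on the cast.
     *
     * @param servletRequest the incoming request
     * @param servletResponse the response to decorate
     * @param filterChain the remaining filter chain
     * @throws IOException if a downstream filter or servlet fails with an I/O error
     * @throws ServletException if a downstream filter or servlet fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            // The headers below only exist for HTTP; nothing to add for other protocols.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;

        this.cspWriter.writeHeaders(httpRequest, httpResponse);
        httpResponse.setHeader("X-Content-Type-Options", "nosniff");
        // Overlaps with the CSP directive frame-ancestors 'self'; kept for browsers that
        // only honour the older header.
        httpResponse.setHeader("X-Frame-Options", "SAMEORIGIN");
        // NOTE(review): X-XSS-Protection is a legacy header. Current browsers have removed
        // the XSS auditor it controlled, and current hardening guidance is to send "0" or
        // omit it and rely on the CSP. Value left unchanged here; review before changing.
        httpResponse.setHeader("X-XSS-Protection", "1; mode=block");
        filterChain.doFilter(servletRequest, httpResponse);
    }

    /** Nothing to release: the filter holds no external resources. */
    @Override
    public void destroy() {
    }
}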
