package org.sonar.server.platform.web;

import com.google.common.collect.ImmutableSet;
import java.io.IOException;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.sonar.server.issue.IssueFieldsSetter;

/* loaded from: input_file:org/sonar/server/platform/web/SecurityServletFilter.class */
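/**
 * Servlet filter that rejects unexpected HTTP methods and adds browser-hardening
 * response headers before handing the request to the rest of the chain.
 *
 * <p>Requests whose method is not in {@link #ALLOWED_HTTP_METHODS} are answered with
 * 405 and are not passed on. All other requests get {@code X-XSS-Protection} and
 * {@code X-Content-Type-Options}; {@code X-Frame-Options: SAMEORIGIN} is added unless
 * the path inside the web application starts with {@code /integration/}.
 */
public class SecurityServletFilter implements Filter {
    // Method names are compared exactly as returned by getMethod(), so the match is case-sensitive.
    private static final Set<String> ALLOWED_HTTP_METHODS = ImmutableSet.of("DELETE", "GET", "HEAD", "POST", "PUT");

    // Paths under this prefix are served without X-Frame-Options, so they can be framed by other origins.
    private static final String FRAMEABLE_PATH_PREFIX = "/integration/";

    /** No configuration is read; the filter is stateless. */
    @Override
    public void init(FilterConfig filterConfig) {
    }

    /**
     * Casts the request/response pair to their HTTP types and applies the filter.
     *
     * @throws ClassCastException if the container passes a non-HTTP request or response
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        doHttpFilter((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, filterChain);
    }

    /**
     * Enforces the method allow-list, adds the security headers and continues the chain.
     *
     * @param httpServletRequest incoming request; its method and URI drive the decisions
     * @param httpServletResponse response that receives the status or headers
     * @param filterChain remaining filters, invoked only for allowed methods
     */
    private static void doHttpFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!ALLOWED_HTTP_METHODS.contains(httpServletRequest.getMethod())) {
            // Stop here: the request never reaches the application.
            httpServletResponse.setStatus(405);
            return;
        }

        // Clickjacking protection, skipped only for the frameable prefix.
        // NOTE(review): the prefix test runs on the raw request URI, which is neither decoded nor
        // normalised here. Confirm that dot-segments and path parameters are rejected or normalised
        // before this filter runs, so that only genuine /integration/ resources lose the header.
        if (!pathWithinContext(httpServletRequest).startsWith(FRAMEABLE_PATH_PREFIX)) {
            httpServletResponse.addHeader("X-Frame-Options", "SAMEORIGIN");
        }
        // NOTE(review): X-XSS-Protection is ignored by current browsers; a Content-Security-Policy
        // set elsewhere is the control to rely on. The value is kept unchanged here.
        httpServletResponse.addHeader("X-XSS-Protection", "1; mode=block");
        httpServletResponse.addHeader("X-Content-Type-Options", "nosniff");
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Returns the request URI with the context path removed from its start.
     *
     * <p>The context path is stripped as a literal prefix. The previous
     * {@code replaceFirst(contextPath, "")} compiled the context path as a regular
     * expression, so metacharacters in it changed what was removed (or raised
     * {@code PatternSyntaxException}), and the first match anywhere in the URI was cut
     * out rather than only a leading one.
     */
    private static String pathWithinContext(HttpServletRequest httpServletRequest) {
        String requestUri = httpServletRequest.getRequestURI();
        String contextPath = httpServletRequest.getContextPath();
        if (contextPath != null && !contextPath.isEmpty() && requestUri.startsWith(contextPath)) {
            return requestUri.substring(contextPath.length());
        }
        return requestUri;
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}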
