package io.prestosql.server.security;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:io/prestosql/server/security/HttpSecurityHeaderFilter.class */
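/**
 * Servlet filter that stamps a fixed set of browser-hardening response headers on every
 * response before handing the request to the rest of the chain.
 *
 * <p>Each header has a built-in default and can be overridden by a JVM system property
 * whose name is the header name itself (for example {@code -DX-Frame-Options=sameorigin}).
 * Override values are written to the response verbatim; this class does not validate them,
 * so a typo in an override silently weakens the corresponding protection.
 *
 * <p>The headers are set <em>before</em> the chain runs, so any downstream filter or
 * resource that sets the same header name replaces the value chosen here.
 */
public class HttpSecurityHeaderFilter extends HttpFilter {
    private static final String CONTENT_SECURITY_POLICY = "Content-Security-Policy";

    // Default CSP. Note that this only forbids plugin content (<object>/<embed>); it places
    // no restriction on script, style or frame sources.
    private static final String DEFAULT_CONTENT_SECURITY_POLICY = "object-src 'none'";

    /** No initialisation is required; the filter holds no state. */
    public void init(FilterConfig filterConfig) {
    }

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Sets the security headers on the response and then continues the filter chain.
     *
     * @param servletRequest the incoming request; only inspected to decide which
     *     Content-Security-Policy applies
     * @param servletResponse the response to decorate; must be an {@link HttpServletResponse}
     *     (a {@link ClassCastException} is raised otherwise)
     * @param filterChain the remainder of the chain, always invoked after the headers are set
     * @throws IOException propagated from the chain
     * @throws ServletException propagated from the chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

        // Read the override exactly once: the value that passes the null check is the value
        // that is written, even if another thread changes the system property concurrently.
        String configuredCsp = System.getProperty(CONTENT_SECURITY_POLICY);

        // Web UI requests always receive the built-in policy; a configured override applies
        // to every other request only. The Web UI check is skipped when nothing is configured.
        boolean useDefaultCsp = configuredCsp == null
                || ((servletRequest instanceof HttpServletRequest) && AuthenticationFilter.isWebUi((HttpServletRequest) servletRequest));
        httpServletResponse.setHeader(CONTENT_SECURITY_POLICY, useDefaultCsp ? DEFAULT_CONTENT_SECURITY_POLICY : configuredCsp);

        httpServletResponse.setHeader("Referrer-Policy", configuredOrDefault("Referrer-Policy", "strict-origin-when-cross-origin"));
        httpServletResponse.setHeader("X-Content-Type-Options", configuredOrDefault("X-Content-Type-Options", "nosniff"));
        httpServletResponse.setHeader("X-Frame-Options", configuredOrDefault("X-Frame-Options", "deny"));
        httpServletResponse.setHeader("X-Permitted-Cross-Domain-Policies", configuredOrDefault("X-Permitted-Cross-Domain-Policies", "master-only"));
        // Legacy header: current browsers have removed the XSS auditor it controls, so it
        // should not be counted on as an XSS defence.
        httpServletResponse.setHeader("X-XSS-Protection", configuredOrDefault("X-XSS-Protection", "1; mode=block"));

        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Returns the system property named {@code headerName}, or {@code defaultValue} when the
     * property is not set. The property is read a single time.
     */
    private static String configuredOrDefault(String headerName, String defaultValue) {
        String configured = System.getProperty(headerName);
        return configured != null ? configured : defaultValue;
    }
}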
