package dev.dsf.fhir.webservice.filter;

import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ContainerResponseContext;
import jakarta.ws.rs.container.ContainerResponseFilter;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.MultivaluedMap;
import jakarta.ws.rs.ext.Provider;
import java.io.IOException;

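@Provider
/* loaded from: input_file:dev/dsf/fhir/webservice/filter/BrowserPolicyHeaderResponseFilter.class */
/**
 * Response filter that adds browser hardening headers (content-type sniffing, referrer,
 * cross-origin isolation, permissions and content-security policies).
 *
 * <p>Headers are only added when the request either lists {@code text/html} among its
 * acceptable media types or targets a path below {@code static/}; all other responses
 * (e.g. plain FHIR JSON/XML exchanges) pass through untouched.
 *
 * <p>All headers are appended with {@link MultivaluedMap#add}, so a value already present
 * for one of these names is kept alongside the one added here rather than replaced.
 */
public class BrowserPolicyHeaderResponseFilter implements ContainerResponseFilter {
    /** Path prefix whose responses always receive the hardening headers. */
    private static final String STATIC_PATH_PREFIX = "static/";

    /** Path prefix whose responses receive the relaxed content security policy. */
    private static final String BINARY_PATH_PREFIX = "Binary/";

    /** Default policy: no inline script or style, everything restricted to 'self' or disabled. */
    private static final String CSP_DEFAULT = "base-uri 'self'; frame-ancestors 'none'; form-action 'self'; default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'";

    /**
     * Policy for {@code Binary/} resources: identical to the default except that
     * {@code script-src} and {@code style-src} additionally allow {@code 'unsafe-inline'}.
     * NOTE(review): 'unsafe-inline' in script-src disables CSP's inline-script protection for
     * these responses; nonces or hashes would preserve it — confirm whether the served Binary
     * content really needs inline script.
     */
    private static final String CSP_BINARY = "base-uri 'self'; frame-ancestors 'none'; form-action 'self'; default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'";

    /**
     * Adds the browser policy headers to the response when the request is HTML-negotiated
     * or addresses the {@code static/} path; otherwise leaves the response unchanged.
     *
     * @param containerRequestContext  the request being answered; its acceptable media types and
     *                                 URI path decide whether and which headers are added
     * @param containerResponseContext the response whose headers are modified in place
     * @throws IOException declared by {@link ContainerResponseFilter#filter}; not thrown here
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) throws IOException {
        String path = requestPath(containerRequestContext);

        // Only browser-facing responses get the policies: HTML negotiation or the static/ tree.
        if (!acceptsHtml(containerRequestContext) && !path.startsWith(STATIC_PATH_PREFIX)) {
            return;
        }

        MultivaluedMap<String, Object> headers = containerResponseContext.getHeaders();
        headers.add("X-Content-Type-Options", "nosniff");
        headers.add("Referrer-Policy", "strict-origin-when-cross-origin");
        headers.add("Cross-Origin-Opener-Policy", "same-origin");
        headers.add("Cross-Origin-Embedder-Policy", "require-corp");
        headers.add("Cross-Origin-Resource-Policy", "same-site");
        headers.add("Permissions-Policy", "geolocation=(), camera=(), microphone=()");

        // Binary/ resources are the only ones that get the relaxed (inline-allowing) policy.
        boolean isBinary = path.startsWith(BINARY_PATH_PREFIX);
        headers.add("Content-Security-Policy", isBinary ? CSP_BINARY : CSP_DEFAULT);
    }

    /**
     * Whether the request lists {@code text/html} among its acceptable media types.
     * A {@code null} list counts as "does not accept HTML".
     * NOTE(review): this relies on {@code List.contains}, i.e. on {@code MediaType.equals};
     * whether Accept entries carrying parameters (such as {@code q=0.9}) match
     * {@link MediaType#TEXT_HTML_TYPE} depends on the runtime's MediaType implementation — verify.
     */
    private static boolean acceptsHtml(ContainerRequestContext containerRequestContext) {
        var acceptable = containerRequestContext.getAcceptableMediaTypes();
        return acceptable != null && acceptable.contains(MediaType.TEXT_HTML_TYPE);
    }

    /**
     * Returns the request's URI path, or the empty string when no URI info or path is available,
     * so prefix checks can be made without further null handling.
     */
    private static String requestPath(ContainerRequestContext containerRequestContext) {
        var uriInfo = containerRequestContext.getUriInfo();
        if (uriInfo == null || uriInfo.getPath() == null) {
            return "";
        }
        return uriInfo.getPath();
    }
}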
