package edu.internet2.middleware.grouper.ui;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:WEB-INF/lib/grouper-ui-4.0.2.jar:edu/internet2/middleware/grouper/ui/ContentSecurityPolicyFilter.class */
public class ContentSecurityPolicyFilter implements Filter {
    private String cspHeader;
    public static final String DEFAULT_CSP_HEADER = "frame-ancestors 'none'; default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval';";

    public void init(FilterConfig filterConfig) throws ServletException {
        String initParameter = filterConfig.getInitParameter("value");
        this.cspHeader = initParameter != null ? initParameter : DEFAULT_CSP_HEADER;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        ((HttpServletResponse) servletResponse).setHeader("Content-Security-Policy", this.cspHeader);
        filterChain.doFilter(servletRequest, servletResponse);
    }

    public void destroy() {
    }
}
