package no.nav.sbl.dialogarena.common.web.security;

import java.io.IOException;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:no/nav/sbl/dialogarena/common/web/security/SecurityHeadersFilter.class */
public class SecurityHeadersFilter implements Filter {
    private static final Pattern TJENESTER_NAV_NO_PATTERN = Pattern.compile("^tjenester(-q\\d)?\\.nav\\.no$");

    public void init(FilterConfig filterConfig) {
    }

    public final void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (!skipAddingSecurityHeaders(((HttpServletRequest) servletRequest).getServerName())) {
            httpServletResponse.setHeader("X-Frame-Options", "DENY");
            httpServletResponse.setHeader("X-Content-Type-Options", "nosniff");
            httpServletResponse.setHeader("X-XSS-Protection", "1; mode=block");
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    static boolean skipAddingSecurityHeaders(String str) {
        return TJENESTER_NAV_NO_PATTERN.matcher(str).matches();
    }

    public void destroy() {
    }
}
