package co.baiku.boot.core.web.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

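/**
 * Servlet filter mapped to every URL ({@code /*}) that adds CORS response headers and,
 * for requests whose scheme is {@code https}, a session cookie plus browser hardening
 * headers, before handing the request to the rest of the chain.
 *
 * <p>NOTE(review): the class carries both {@code @WebFilter} and {@code @Component}.
 * Depending on how the application scans servlet components, the filter could be
 * registered twice; confirm against the application configuration.
 */
@WebFilter(urlPatterns = {"/*"}, filterName = "crossOrigin")
@Component
public class CrossOriginFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger(CrossOriginFilter.class);

    /**
     * Logs that the filter was initialised; no configuration is read.
     *
     * @param filterConfig container-supplied configuration (unused)
     * @throws ServletException never thrown by this implementation
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        log.debug("crossOrigin init");
    }

    /**
     * Adds the CORS headers (and the HTTPS-only headers) to the response, then continues the chain.
     *
     * @param servletRequest incoming request
     * @param servletResponse outgoing response
     * @param filterChain remaining filters and the target resource
     * @throws IOException propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Only HTTP exchanges carry the headers handled here; anything else passes through untouched
        // instead of failing on the cast.
        if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // SECURITY NOTE(review): the caller-supplied Origin is echoed back unchecked while
        // Access-Control-Allow-Credentials is "true". Together these let a page on any origin read
        // authenticated responses with the user's cookies. The origin should be compared against an
        // explicit allowlist of trusted origins before it is echoed; no such list is visible in this
        // class, so the behaviour is kept and flagged rather than silently changed.
        String origin = request.getHeader("Origin");
        if (origin != null) {
            response.setHeader("Access-Control-Allow-Origin", origin);
            // The response body now depends on the Origin header, so shared caches must key on it.
            response.addHeader("Vary", "Origin");
        }
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "Origin,X-Requested-With,Content-Type,Accept,Authorization");

        // equalsIgnoreCase on the literal already yields false for a null or empty scheme.
        if ("https".equalsIgnoreCase(request.getScheme())) {
            // getSession() creates a session when none exists, so every HTTPS request gets one.
            // HttpOnly and Secure are written as bare flag attributes, the form RFC 6265 defines
            // (the original emitted "HttpOnly=true;Secure=true;").
            // NOTE(review): setHeader replaces any Set-Cookie value already on the response, and the
            // cookie path is fixed to /cas; confirm both are intended for every deployment.
            response.setHeader("Set-Cookie", "JSESSIONID=" + request.getSession().getId() + "; Path=/cas; HttpOnly; Secure");
            response.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubdomains; preload");
            // The value must be exactly the directive: a trailing ';' makes it unrecognised and
            // browsers then ignore the header, leaving no framing restriction in place.
            response.setHeader("X-Frame-Options", "SAMEORIGIN");
            // The literal quotes and trailing ';' made the original value malformed. The header is
            // legacy; a Content-Security-Policy is the control current browsers honour.
            response.setHeader("X-XSS-Protection", "1; mode=block");
        }
        filterChain.doFilter(request, response);
    }

    /** No resources are held, so there is nothing to release. */
    @Override
    public void destroy() {
    }
}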
