package org.springframework.security.web.header.writers;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.web.header.HeaderWriter;
import org.springframework.util.Assert;

/* loaded from: input_file:ingrid-iplug-blp-7.5.0/lib/spring-security-web-6.4.2.jar:org/springframework/security/web/header/writers/ContentSecurityPolicyHeaderWriter.class */
public final class ContentSecurityPolicyHeaderWriter implements HeaderWriter {
    private static final String CONTENT_SECURITY_POLICY_HEADER = "Content-Security-Policy";
    private static final String CONTENT_SECURITY_POLICY_REPORT_ONLY_HEADER = "Content-Security-Policy-Report-Only";
    private static final String DEFAULT_SRC_SELF_POLICY = "default-src 'self'";
    private String policyDirectives;
    private boolean reportOnly;

    public ContentSecurityPolicyHeaderWriter() {
        setPolicyDirectives(DEFAULT_SRC_SELF_POLICY);
        this.reportOnly = false;
    }

    public ContentSecurityPolicyHeaderWriter(String str) {
        setPolicyDirectives(str);
        this.reportOnly = false;
    }

    @Override // org.springframework.security.web.header.HeaderWriter
    public void writeHeaders(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String str = !this.reportOnly ? "Content-Security-Policy" : "Content-Security-Policy-Report-Only";
        if (httpServletResponse.containsHeader(str)) {
            return;
        }
        httpServletResponse.setHeader(str, this.policyDirectives);
    }

    public void setPolicyDirectives(String str) {
        Assert.hasLength(str, "policyDirectives cannot be null or empty");
        this.policyDirectives = str;
    }

    public void setReportOnly(boolean z) {
        this.reportOnly = z;
    }

    public String toString() {
        return getClass().getName() + " [policyDirectives=" + this.policyDirectives + "; reportOnly=" + this.reportOnly + "]";
    }
}
