package com.atlassian.crowd.xwork.interceptors;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts2.ServletActionContext;

/* loaded from: input_file:com/atlassian/crowd/xwork/interceptors/SecurityHeadersInterceptor.class */
/**
 * XWork interceptor that stamps a fixed set of browser-hardening response headers
 * on the current servlet response before the action is invoked.
 *
 * <p>Headers written when a response is available:
 * <ul>
 *   <li>{@code X-XSS-Protection: 1; mode=block}</li>
 *   <li>{@code X-Content-Type-Options: nosniff}</li>
 *   <li>{@code X-Frame-Options: SAMEORIGIN} and
 *       {@code Content-Security-Policy: frame-ancestors 'self'}, unless the JVM system
 *       property {@code clickjacking.protection.disable} is {@code true}</li>
 * </ul>
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>The opt-out is a JVM-wide system property, so setting it removes both framing
 *       headers for every action that passes through this interceptor, not for a single
 *       page. Treat it as an auditable configuration item.</li>
 *   <li>{@code setHeader} replaces an existing value. The {@code Content-Security-Policy}
 *       written here contains only {@code frame-ancestors}; a policy set earlier on the
 *       same response would be overwritten. NOTE(review): whether anything upstream sets
 *       a CSP is not visible from this class - confirm.</li>
 *   <li>{@code X-XSS-Protection} is a legacy header that current browsers no longer act
 *       on; it does not replace output encoding or a script-restricting CSP.</li>
 *   <li>The headers are applied before {@code invoke()}, so code running later in the
 *       invocation can still replace them.</li>
 * </ul>
 */
public class SecurityHeadersInterceptor implements Interceptor {
    /** System property that, when {@code true}, suppresses the anti-framing headers. */
    private static final String DISABLE_CLICKJACKING_PROTECTION_PROPERTY = "clickjacking.protection.disable";

    /** No resources are held, so there is nothing to release. */
    public void destroy() {
    }

    /** No initialisation is required. */
    public void init() {
    }

    /**
     * Adds the security headers to the current response, then continues the invocation.
     *
     * @param actionInvocation the invocation being intercepted
     * @return the result code produced by the rest of the invocation
     * @throws Exception whatever the rest of the invocation throws
     */
    public String intercept(ActionInvocation actionInvocation) throws Exception {
        applySecurityHeaders(ServletActionContext.getResponse());
        return actionInvocation.invoke();
    }

    /**
     * Writes the hardening headers onto {@code servletResponse}; does nothing when no
     * response is bound to the current action context.
     */
    private static void applySecurityHeaders(HttpServletResponse servletResponse) {
        if (servletResponse == null) {
            return;
        }

        servletResponse.setHeader("X-XSS-Protection", "1; mode=block");
        servletResponse.setHeader("X-Content-Type-Options", "nosniff");

        // Read on every request, so a change to the system property takes effect
        // without re-creating the interceptor.
        boolean framingProtectionDisabled = Boolean.getBoolean(DISABLE_CLICKJACKING_PROTECTION_PROPERTY);
        if (framingProtectionDisabled) {
            return;
        }

        // Both the legacy header and the CSP directive are sent so that browsers
        // honouring either one restrict framing to the same origin.
        servletResponse.setHeader("X-Frame-Options", "SAMEORIGIN");
        servletResponse.setHeader("Content-Security-Policy", "frame-ancestors 'self'");
    }
}
