package org.springframework.cloud.gateway.filter.factory;

import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.http.HttpHeaders;

/* loaded from: input_file:BOOT-INF/lib/spring-cloud-gateway-core-2.0.0.RELEASE.jar:org/springframework/cloud/gateway/filter/factory/SecureHeadersGatewayFilterFactory.class */
public class SecureHeadersGatewayFilterFactory extends AbstractGatewayFilterFactory {
    public static final String X_XSS_PROTECTION_HEADER = "X-Xss-Protection";
    public static final String STRICT_TRANSPORT_SECURITY_HEADER = "Strict-Transport-Security";
    public static final String X_FRAME_OPTIONS_HEADER = "X-Frame-Options";
    public static final String X_CONTENT_TYPE_OPTIONS_HEADER = "X-Content-Type-Options";
    public static final String REFERRER_POLICY_HEADER = "Referrer-Policy";
    public static final String CONTENT_SECURITY_POLICY_HEADER = "Content-Security-Policy";
    public static final String X_DOWNLOAD_OPTIONS_HEADER = "X-Download-Options";
    public static final String X_PERMITTED_CROSS_DOMAIN_POLICIES_HEADER = "X-Permitted-Cross-Domain-Policies";
    private final SecureHeadersProperties properties;

    public SecureHeadersGatewayFilterFactory(SecureHeadersProperties secureHeadersProperties) {
        this.properties = secureHeadersProperties;
    }

    @Override // org.springframework.cloud.gateway.filter.factory.GatewayFilterFactory
    public GatewayFilter apply(Object obj) {
        return (serverWebExchange, gatewayFilterChain) -> {
            HttpHeaders headers = serverWebExchange.getResponse().getHeaders();
            headers.add(X_XSS_PROTECTION_HEADER, this.properties.getXssProtectionHeader());
            headers.add("Strict-Transport-Security", this.properties.getStrictTransportSecurity());
            headers.add("X-Frame-Options", this.properties.getFrameOptions());
            headers.add("X-Content-Type-Options", this.properties.getContentTypeOptions());
            headers.add("Referrer-Policy", this.properties.getReferrerPolicy());
            headers.add("Content-Security-Policy", this.properties.getContentSecurityPolicy());
            headers.add("X-Download-Options", this.properties.getDownloadOptions());
            headers.add(X_PERMITTED_CROSS_DOMAIN_POLICIES_HEADER, this.properties.getPermittedCrossDomainPolicies());
            return gatewayFilterChain.filter(serverWebExchange);
        };
    }
}
