package org.eclipse.scout.rt.ui.html.json.form.fields.browserfield;

import java.net.URI;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.scout.rt.platform.BEANS;
import org.eclipse.scout.rt.server.commons.servlet.ContentSecurityPolicy;
import org.eclipse.scout.rt.server.commons.servlet.HttpClientInfo;
import org.eclipse.scout.rt.server.commons.servlet.cache.IHttpResponseInterceptor;
import org.eclipse.scout.rt.ui.html.IUiSession;

/* loaded from: input_file:org/eclipse/scout/rt/ui/html/json/form/fields/browserfield/BrowserFieldContentHttpResponseInterceptor.class */
public class BrowserFieldContentHttpResponseInterceptor implements IHttpResponseInterceptor {
    private static final long serialVersionUID = 1;
    private final URI m_browserUri;

    public BrowserFieldContentHttpResponseInterceptor(IUiSession iUiSession) {
        this.m_browserUri = iUiSession.getClientSession().getBrowserURI();
    }

    public void intercept(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        ContentSecurityPolicy appendScriptSrc = ((ContentSecurityPolicy) BEANS.get(ContentSecurityPolicy.class)).appendScriptSrc("'unsafe-inline'");
        HttpClientInfo httpClientInfo = HttpClientInfo.get(httpServletRequest);
        if (httpClientInfo.isWebkit()) {
            String uri = this.m_browserUri.toString();
            appendScriptSrc.appendImgSrc(uri).appendStyleSrc(uri);
        }
        String token = appendScriptSrc.toToken();
        if (httpClientInfo.isMshtml()) {
            httpServletResponse.setHeader("X-Content-Security-Policy", token);
        } else {
            httpServletResponse.setHeader("Content-Security-Policy", token);
        }
    }
}
