package org.qubership.profiler.security.csrf;

import java.io.BufferedWriter;
import java.io.IOException;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.io.Writer;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:org/qubership/profiler/security/csrf/CSRFGuardScriptServlet.class */
public class CSRFGuardScriptServlet extends HttpServlet {
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        httpServletResponse.setContentType("application/x-javascript; charset=utf-8");
        HttpSession session = httpServletRequest.getSession();
        PrintWriter printWriter = new PrintWriter((Writer) new BufferedWriter(new OutputStreamWriter((OutputStream) httpServletResponse.getOutputStream(), "utf-8")), false);
        printWriter.print(getCSRFScript(session));
        printWriter.flush();
    }

    private String getCSRFScript(HttpSession httpSession) {
        StringBuilder sb = new StringBuilder();
        sb.append("var CSRF_TOKEN_NAME='").append(CSRFGuardHelper.CSRF_TOKEN_P).append("';\n").append("var CSRF_TOKEN_VALUE='").append(CSRFGuardHelper.getToken(httpSession)).append("';\n").append("function csrfSafeMethod(method) {\n\t// these HTTP methods do not require CSRF protection\n\treturn (/^(GET)$/.test(method));\n}\n\n$.ajaxSetup({\n\tbeforeSend: function(xhr, settings) {\n\t\tif (!csrfSafeMethod(settings.type) && !this.crossDomain) {\n\t\t\txhr.setRequestHeader(CSRF_TOKEN_NAME, CSRF_TOKEN_VALUE);\n\t\t}\n\t}\n});");
        return sb.toString();
    }
}
