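package com.whyc.filter;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.Set;

/**
 * Servlet filter that emits CORS and browser-hardening response headers and
 * restricts which static {@code .html} entry points may be requested directly.
 *
 * <p>CORS policy. The request's {@code Origin} header is echoed in
 * {@code Access-Control-Allow-Origin} only when that origin is allowed. Because
 * the filter also sends {@code Access-Control-Allow-Credentials: true}, echoing an
 * arbitrary Origin (the previous behaviour) would let any website issue
 * cookie-authenticated requests to this application and read the responses, so an
 * allowlist is mandatory. The allowlist is the union of:
 * <ul>
 *   <li>the optional filter init-parameter {@value #ALLOWED_ORIGINS_PARAM}, a
 *       comma-separated list of origins such as
 *       {@code https://app.example.com,http://localhost:8080}; and</li>
 *   <li>the request's own origin ({@code scheme://host[:port]}), so same-site
 *       deployments keep working with no configuration.</li>
 * </ul>
 * Requests from any other origin receive no CORS grant at all, which makes the
 * browser block cross-origin reads; the request itself is still processed.
 *
 * @date 2020/09/11
 */
@WebFilter
public class CrossDomainFilter implements Filter {

    /** Init-parameter name holding the comma-separated origin allowlist. */
    public static final String ALLOWED_ORIGINS_PARAM = "allowedOrigins";

    /** Configured origins, lower-cased; never null. */
    private Set<String> allowedOrigins = Collections.emptySet();

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        allowedOrigins = parseAllowedOrigins(filterConfig.getInitParameter(ALLOWED_ORIGINS_PARAM));
        filterConfig.getServletContext().log("执行了过滤器CrossDomainFilter" + " allowedOrigins=" + allowedOrigins);
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        applyCorsHeaders(req, resp);
        applyHardeningHeaders(resp);

        // Single-page application: only the listed .html documents may be fetched directly.
        String servletPath = req.getServletPath();
        if (servletPath.contains(".html")) {
            if (!servletPath.equals("/index.html")
                    && !servletPath.equals("/doc.html")
                    && !servletPath.equals("/mobile/index.html")) {
                // Pre-existing behaviour: unknown .html paths get an empty 202 rather than 404.
                resp.setStatus(202);
                return;
            }
            HttpServletRequestWrapper wrapper = new HttpServletRequestWrapper(req);
            // "/index.html" without an "n" query parameter is served via the root dispatcher instead.
            if (servletPath.equals("/index.html") && req.getParameter("n") == null) {
                RequestDispatcher dispatcher = wrapper.getRequestDispatcher("/");
                dispatcher.forward(request, resp);
                return;
            }
        }
        chain.doFilter(request, resp);
    }

    @Override
    public void destroy() {
    }

    /**
     * Emits the CORS grant for an allowed origin; emits nothing CORS-related otherwise.
     *
     * <p>{@code Vary: Origin} is always added because the response body/headers depend
     * on the requester's Origin; without it a shared cache could hand one origin's
     * grant to a request from another origin.
     */
    private void applyCorsHeaders(HttpServletRequest req, HttpServletResponse resp) {
        resp.addHeader("Vary", "Origin");
        String origin = req.getHeader("Origin");
        if (origin == null || !isOriginAllowed(origin, req)) {
            // No Origin header (not a CORS request) or a foreign origin: fail closed.
            // Note the literal origin "null" (sandboxed iframes, file://) is never allowed
            // unless explicitly configured, which should not be done for credentialed CORS.
            return;
        }
        resp.setHeader("Access-Control-Allow-Origin", origin);
        resp.setHeader("Access-Control-Allow-Headers", "X-Requested-With,content-type,token");
        resp.setHeader("Access-Control-Expose-Headers", "content-disposition");
        // TRACE dropped from the advertised set: browsers never send it via fetch/XHR and
        // advertising it only invites cross-site-tracing probes.
        resp.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH");
        resp.setHeader("Access-Control-Allow-Credentials", "true");
    }

    /**
     * Sets browser-hardening headers. {@code setHeader} (not {@code addHeader}) is used so
     * a second filter setting the same header yields one unambiguous value, not two.
     *
     * <p>Review notes on the values (kept as originally configured):
     * {@code X-XSS-Protection} is a legacy header ignored by current browsers;
     * {@code Content-Security-Policy: object-src 'self'} only constrains plugin
     * content and provides no script-injection defence; the HSTS {@code preload}
     * directive only takes effect once the domain is submitted to the preload list.
     */
    private void applyHardeningHeaders(HttpServletResponse resp) {
        resp.setHeader("X-Frame-Options", "SAMEORIGIN");
        resp.setHeader("Referrer-Policy", "origin");
        resp.setHeader("Content-Security-Policy", "object-src 'self'");
        resp.setHeader("X-Permitted-Cross-Domain-Policies", "master-only");
        resp.setHeader("X-Content-Type-Options", "nosniff");
        resp.setHeader("X-XSS-Protection", "1; mode=block");
        resp.setHeader("X-Download-Options", "noopen");
        resp.setHeader("Strict-Transport-Security", "max-age=63072000; includeSubdomains; preload");
    }

    /**
     * True when {@code origin} is configured or equals the request's own origin.
     * Behind a reverse proxy the request's scheme/host/port reflect what the container
     * sees; the container must honour X-Forwarded-* / Forwarded for the same-origin
     * fallback to match the public origin — confirm for the deployment.
     */
    private boolean isOriginAllowed(String origin, HttpServletRequest req) {
        String normalised = origin.toLowerCase(Locale.ROOT);
        if (allowedOrigins.contains(normalised)) {
            return true;
        }
        String own = requestOrigin(req.getScheme(), req.getServerName(), req.getServerPort());
        return normalised.equals(own);
    }

    /**
     * Parses a comma-separated allowlist into lower-cased, trimmed origins.
     *
     * @param configured raw init-parameter value; null or blank yields an empty set
     * @return unmodifiable set of origins, never null
     */
    public static Set<String> parseAllowedOrigins(String configured) {
        if (configured == null || configured.trim().isEmpty()) {
            return Collections.emptySet();
        }
        Set<String> result = new LinkedHashSet<>();
        for (String entry : configured.split(",")) {
            String trimmed = entry.trim();
            if (!trimmed.isEmpty()) {
                result.add(trimmed.toLowerCase(Locale.ROOT));
            }
        }
        return Collections.unmodifiableSet(result);
    }

    /**
     * Builds {@code scheme://host[:port]} in the form a browser puts in the Origin
     * header: lower-cased, with the scheme's default port (80 for http, 443 for
     * https) omitted.
     *
     * @param scheme request scheme, e.g. "http"
     * @param host   server name without port
     * @param port   server port
     * @return the serialised origin
     */
    public static String requestOrigin(String scheme, String host, int port) {
        String s = scheme.toLowerCase(Locale.ROOT);
        String h = host.toLowerCase(Locale.ROOT);
        boolean defaultPort = ("http".equals(s) && port == 80) || ("https".equals(s) && port == 443);
        return defaultPort ? s + "://" + h : s + "://" + h + ":" + port;
    }
}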