package org.squashtest.tm.web.internal.controller.checkXFO;

import java.io.IOException;
import java.net.URL;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
/* loaded from: input_file:org/squashtest/tm/web/internal/controller/checkXFO/CheckXFO.class */
public class CheckXFO {
    private static final Logger LOGGER = LoggerFactory.getLogger(CheckXFO.class);

    @RequestMapping(value = {"/checkXFO"}, method = {RequestMethod.POST}, params = {"URL"})
    @ResponseBody
    public boolean XFOAllowForAll(@RequestParam("URL") String str) {
        boolean z = false;
        try {
            String headerField = new URL(str).openConnection().getHeaderField("X-Frame-Options");
            if (!"DENY".equals(headerField)) {
                if (!"SAMEORIGIN".equals(headerField)) {
                    z = true;
                }
            }
        } catch (IOException e) {
            LOGGER.error(e.getMessage(), e);
        }
        return z;
    }
}
