package testcode.cors;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:testcode/cors/PermissiveCORS.class */
public class PermissiveCORS extends HttpServlet {
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        falsePositiveCORS(httpServletResponse);
        httpServletResponse.getWriter().print(httpServletRequest.getSession().getAttribute("secret"));
    }

    private void falsePositiveCORS(HttpServletResponse httpServletResponse) {
        httpServletResponse.addHeader("Access-Control-Allow-Origin", "http://example.com");
    }

    public void addPermissiveCORS(HttpServletResponse httpServletResponse) {
        httpServletResponse.addHeader("Access-Control-Allow-Origin", "*");
    }

    public void addPermissiveCORS2(HttpServletResponse httpServletResponse) {
        httpServletResponse.addHeader("access-control-allow-origin", "*");
    }

    public void addWildcardsCORS(HttpServletResponse httpServletResponse) {
        httpServletResponse.addHeader("Access-Control-Allow-Origin", "*.example.com");
    }

    public void addNullCORS(HttpServletResponse httpServletResponse) {
        httpServletResponse.addHeader("Access-Control-Allow-Origin", "null");
    }

    public void setPermissiveCORS(HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
    }

    public void setPermissiveCORSWithRequestVariable(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        httpServletResponse.setHeader("Access-Control-Allow-Origin", httpServletRequest.getParameter("tainted"));
    }

    public void addPermissiveCORSWithRequestVariable(HttpServletResponse httpServletResponse, String str) {
        httpServletResponse.addHeader("Access-Control-Allow-Origin", str);
    }
}
