package org.atmosphere.interceptor;

import javax.ws.rs.HttpMethod;
import org.atmosphere.cpr.Action;
import org.atmosphere.cpr.ApplicationConfig;
import org.atmosphere.cpr.AtmosphereConfig;
import org.atmosphere.cpr.AtmosphereInterceptorAdapter;
import org.atmosphere.cpr.AtmosphereRequest;
import org.atmosphere.cpr.AtmosphereResource;
import org.atmosphere.cpr.AtmosphereResponse;
import org.atmosphere.cpr.BroadcastFilter;
import org.atmosphere.cpr.HeaderConfig;
import org.atmosphere.interceptor.InvokationOrder;
import org.atmosphere.util.Utils;

/* loaded from: input_file:WEB-INF/lib/atmosphere-runtime-2.2.1.jar:org/atmosphere/interceptor/CorsInterceptor.class */
public class CorsInterceptor extends AtmosphereInterceptorAdapter {
    private final String EXPOSE_HEADERS = "X-Atmosphere-tracking-id, X-Heartbeat-Server";
    private boolean enableAccessControl = true;

    @Override // org.atmosphere.cpr.AtmosphereInterceptorAdapter, org.atmosphere.cpr.AtmosphereInterceptor
    public void configure(AtmosphereConfig atmosphereConfig) {
        String initParameter = atmosphereConfig.getInitParameter(ApplicationConfig.DROP_ACCESS_CONTROL_ALLOW_ORIGIN_HEADER);
        if (initParameter != null) {
            this.enableAccessControl = Boolean.parseBoolean(initParameter);
        }
    }

    @Override // org.atmosphere.cpr.AtmosphereInterceptorAdapter, org.atmosphere.cpr.AtmosphereInterceptor
    public Action inspect(AtmosphereResource atmosphereResource) {
        if (!Utils.webSocketMessage(atmosphereResource) && this.enableAccessControl) {
            AtmosphereRequest request = atmosphereResource.getRequest();
            AtmosphereResponse response = atmosphereResource.getResponse();
            if (request.getHeader("Origin") != null && response.getHeader(HeaderConfig.ACCESS_CONTROL_ALLOW_ORIGIN) == null) {
                response.addHeader(HeaderConfig.ACCESS_CONTROL_ALLOW_ORIGIN, request.getHeader("Origin"));
                response.addHeader("Access-Control-Expose-Headers", "X-Atmosphere-tracking-id, X-Heartbeat-Server");
                response.setHeader(HeaderConfig.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
            }
            if (!HttpMethod.OPTIONS.equals(request.getMethod())) {
                return Action.CONTINUE;
            }
            response.setHeader("Access-Control-Allow-Methods", "OPTIONS, GET, POST");
            response.setHeader("Access-Control-Allow-Headers", "Origin, Content-Type, AuthToken, X-Atmosphere-Framework, X-Atmosphere-tracking-id, X-Heartbeat-Server, X-Atmosphere-Transport, X-Atmosphere-TrackMessageSize, X-atmo-protocol");
            response.setHeader("Access-Control-Max-Age", BroadcastFilter.VOID_ATMOSPHERE_RESOURCE_UUID);
            return Action.SKIP_ATMOSPHEREHANDLER;
        }
        return Action.CONTINUE;
    }

    public boolean enableAccessControl() {
        return this.enableAccessControl;
    }

    public CorsInterceptor enableAccessControl(boolean z) {
        this.enableAccessControl = z;
        return this;
    }

    @Override // org.atmosphere.cpr.AtmosphereInterceptorAdapter, org.atmosphere.interceptor.InvokationOrder
    public InvokationOrder.PRIORITY priority() {
        return InvokationOrder.FIRST_BEFORE_DEFAULT;
    }

    @Override // org.atmosphere.cpr.AtmosphereInterceptorAdapter
    public String toString() {
        return "CORS Interceptor Support";
    }
}
