package org.restheart.exchange;

import io.undertow.util.HeaderMap;
import io.undertow.util.Headers;
import io.undertow.util.HttpString;
import org.restheart.plugins.security.TokenManager;

/* loaded from: input_file:org/restheart/exchange/CORSHeaders.class */
public interface CORSHeaders {
    public static final HttpString ACCESS_CONTROL_EXPOSE_HEADERS = HttpString.tryFromString("Access-Control-Expose-Headers");
    public static final HttpString ACCESS_CONTROL_ALLOW_CREDENTIAL = HttpString.tryFromString("Access-Control-Allow-Credentials");
    public static final HttpString ACCESS_CONTROL_ALLOW_ORIGIN = HttpString.tryFromString("Access-Control-Allow-Origin");
    public static final HttpString ACCESS_CONTROL_ALLOW_METHODS = HttpString.tryFromString("Access-Control-Allow-Methods");
    public static final HttpString ACCESS_CONTROL_ALLOW_HEADERS = HttpString.tryFromString("Access-Control-Allow-Headers");
    public static final String DEFAULT_ACCESS_CONTROL_EXPOSE_HEADERS = "Location, " + Headers.ETAG.toString() + ", " + TokenManager.AUTH_TOKEN_HEADER.toString() + ", " + TokenManager.AUTH_TOKEN_VALID_HEADER.toString() + ", " + TokenManager.AUTH_TOKEN_LOCATION_HEADER.toString() + ", X-Powered-By";
    public static final String DEFAULT_ACCESS_CONTROL_ALLOW_CREDENTIALS = "true";
    public static final String DEFAULT_ACCESS_CONTROL_ALLOW_ORIGIN = "*";
    public static final String DEFAULT_ACCESS_CONTROL_ALLOW_METHODS = "GET, PUT, POST, PATCH, DELETE, OPTIONS";
    public static final String DEFAULT_ACCESS_CONTROL_ALLOW_HEADERS = "Accept, Accept-Encoding, Authorization, Content-Length, Content-Type, Host, If-Match, Origin, X-Requested-With, User-Agent, No-Auth-Challenge";

    default String accessControlExposeHeaders(Request<?> request) {
        return DEFAULT_ACCESS_CONTROL_EXPOSE_HEADERS;
    }

    default String accessControlAllowCredentials(Request<?> request) {
        return DEFAULT_ACCESS_CONTROL_ALLOW_CREDENTIALS;
    }

    default String accessControlAllowOrigin(Request<?> request) {
        HeaderMap headers = request.getHeaders();
        return headers.contains(Headers.ORIGIN) ? headers.get(Headers.ORIGIN).getFirst().toString() : "*";
    }

    default String accessControlAllowMethods(Request<?> request) {
        return DEFAULT_ACCESS_CONTROL_ALLOW_METHODS;
    }

    default String accessControlAllowHeaders(Request<?> request) {
        return DEFAULT_ACCESS_CONTROL_ALLOW_HEADERS;
    }
}
