package org.graylog2.shared.rest;

import java.io.IOException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.Response;

/* loaded from: input_file:org/graylog2/shared/rest/CORSFilter.class */
public class CORSFilter implements ContainerRequestFilter, ContainerResponseFilter {
    public void filter(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) throws IOException {
        String str;
        if (containerRequestContext.getRequest().getMethod().equalsIgnoreCase("options") || (str = (String) containerRequestContext.getHeaders().getFirst("Origin")) == null || str.isEmpty()) {
            return;
        }
        containerResponseContext.getHeaders().add("Access-Control-Allow-Origin", str);
        containerResponseContext.getHeaders().add("Access-Control-Allow-Credentials", true);
        containerResponseContext.getHeaders().add("Access-Control-Allow-Headers", "Authorization, Content-Type, X-Graylog-No-Session-Extension");
        containerResponseContext.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
        containerResponseContext.getHeaders().add("Access-Control-Max-Age", "600");
    }

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        if (containerRequestContext.getRequest().getMethod().equalsIgnoreCase("options")) {
            Response.ResponseBuilder noContent = Response.noContent();
            String str = (String) containerRequestContext.getHeaders().getFirst("Origin");
            if (str == null || str.isEmpty()) {
                return;
            }
            noContent.header("Access-Control-Allow-Origin", str);
            noContent.header("Access-Control-Allow-Credentials", true);
            noContent.header("Access-Control-Allow-Headers", "Authorization, Content-Type, X-Graylog-No-Session-Extension");
            noContent.header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
            noContent.header("Access-Control-Max-Age", "600");
            containerRequestContext.abortWith(noContent.build());
        }
    }
}
