package li.strolch.rest.filters;

import java.io.IOException;
import java.text.MessageFormat;
import javax.annotation.Priority;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.ext.Provider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Provider
@Priority(Priorities.HEADER_DECORATOR)
/* loaded from: input_file:WEB-INF/lib/li.strolch.rest-1.4.3.jar:li/strolch/rest/filters/AccessControlResponseFilter.class */
public class AccessControlResponseFilter implements ContainerResponseFilter {
    private static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
    private static final String ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers";
    private static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
    private static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
    private static final Logger logger = LoggerFactory.getLogger(AccessControlResponseFilter.class);
    private static boolean corsEnabled;
    private static String origin;
    private static boolean logged;

    public static void setCorsEnabled(boolean z) {
        corsEnabled = z;
    }

    public static void setOrigin(String str) {
        origin = str;
    }

    @Override // javax.ws.rs.container.ContainerResponseFilter
    public void filter(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) throws IOException {
        if (corsEnabled) {
            if (!logged) {
                logged = true;
                logger.info(MessageFormat.format("Enabling CORS for origin: {0}", origin));
            }
            MultivaluedMap<String, Object> headers = containerResponseContext.getHeaders();
            headers.add(ACCESS_CONTROL_ALLOW_ORIGIN, origin);
            headers.add(ACCESS_CONTROL_ALLOW_HEADERS, "Authorization, Origin, X-Requested-With, Content-Type");
            headers.add(ACCESS_CONTROL_EXPOSE_HEADERS, "Location, Content-Disposition");
            headers.add(ACCESS_CONTROL_ALLOW_METHODS, "POST, PUT, GET, DELETE, HEAD, OPTIONS");
        }
    }
}
