package com.fedepot.mvc.middleware;

import com.fedepot.mvc.http.HttpHeaderNames;
import com.fedepot.mvc.http.HttpMethod;
import com.fedepot.mvc.http.Request;
import com.fedepot.mvc.http.Response;
import java.util.Arrays;

/* loaded from: input_file:com/fedepot/mvc/middleware/CorsMiddleware.class */
public class CorsMiddleware implements Middleware {
    private String[] whitelist;

    public CorsMiddleware() {
        this.whitelist = new String[]{"*"};
    }

    public CorsMiddleware(String... strArr) {
        this.whitelist = strArr;
    }

    @Override // com.fedepot.mvc.middleware.Middleware
    public void apply(Request request, Response response) {
        if (request.method().equals(HttpMethod.OPTIONS)) {
            String str = null;
            String origin = request.getOrigin();
            if (this.whitelist.length > 0 && this.whitelist[0].equals("*")) {
                str = "*";
            } else if (Arrays.asList(this.whitelist).contains(origin)) {
                str = origin;
            }
            if (str == null) {
                response.sendStatus(405);
                return;
            }
            response.header(HttpHeaderNames.VARY, "Origin");
            response.header(HttpHeaderNames.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
            response.header(HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN, str);
            response.header(HttpHeaderNames.ACCESS_CONTROL_ALLOW_METHODS, "GET, POST, PUT, DELETE");
            response.header(HttpHeaderNames.ACCESS_CONTROL_ALLOW_HEADERS, "X-Requested-With, Content-Type, Ajax");
            response.end();
        }
    }
}
