package org.traccar.api;

import io.netty.handler.codec.http.HttpHeaderNames;
import java.io.IOException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import org.traccar.Context;

/* loaded from: input_file:org/traccar/api/CorsResponseFilter.class */
public class CorsResponseFilter implements ContainerResponseFilter {
    private static final String ORIGIN_ALL = "*";
    private static final String HEADERS_ALL = "origin, content-type, accept, authorization";
    private static final String METHODS_ALL = "GET, POST, PUT, DELETE, OPTIONS";

    public void filter(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) throws IOException {
        if (!containerResponseContext.getHeaders().containsKey(HttpHeaderNames.ACCESS_CONTROL_ALLOW_HEADERS.toString())) {
            containerResponseContext.getHeaders().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_HEADERS.toString(), HEADERS_ALL);
        }
        if (!containerResponseContext.getHeaders().containsKey(HttpHeaderNames.ACCESS_CONTROL_ALLOW_CREDENTIALS.toString())) {
            containerResponseContext.getHeaders().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_CREDENTIALS.toString(), true);
        }
        if (!containerResponseContext.getHeaders().containsKey(HttpHeaderNames.ACCESS_CONTROL_ALLOW_METHODS.toString())) {
            containerResponseContext.getHeaders().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_METHODS.toString(), METHODS_ALL);
        }
        if (containerResponseContext.getHeaders().containsKey(HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN.toString())) {
            return;
        }
        String headerString = containerRequestContext.getHeaderString(HttpHeaderNames.ORIGIN.toString());
        String string = Context.getConfig().getString("web.origin");
        if (headerString == null) {
            containerResponseContext.getHeaders().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN.toString(), ORIGIN_ALL);
        } else if (string == null || string.equals(ORIGIN_ALL) || string.contains(headerString)) {
            containerResponseContext.getHeaders().add(HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN.toString(), headerString);
        }
    }
}
