package com.chinacreator.asp.comp.sys.oauth2.common.util;

import com.chinacreator.asp.comp.sys.oauth2.common.CredentialConfiguration;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/chinacreator/asp/comp/sys/oauth2/common/util/CORSUtil.class */
public class CORSUtil {
    public static void addCORSHeaders(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        addCORSHeaders(httpServletRequest, httpServletResponse, null, null);
    }

    public static void addCORSHeaders(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) {
        if (StringUtils.isEmpty(httpServletRequest.getHeader("Origin"))) {
            return;
        }
        String header = httpServletRequest.getHeader("Origin");
        if (CredentialConfiguration.allowAllOrigins(header)) {
            httpServletResponse.addHeader("Access-Control-Allow-Origin", header);
            httpServletResponse.addHeader("Access-Control-Allow-Credentials", "true");
            if (StringUtils.isEmpty(str)) {
                str = httpServletRequest.getHeader("Access-Control-Request-Method");
            }
            if (StringUtils.isEmpty(str2)) {
                str2 = httpServletRequest.getHeader("Access-Control-Request-Headers");
            }
            if (!"OPTIONS".equals(httpServletRequest.getMethod())) {
                httpServletResponse.addHeader("Access-Control-Expose-Headers", str2);
                return;
            }
            httpServletResponse.addHeader("Access-Control-Allow-Methods", str);
            httpServletResponse.addHeader("Access-Control-Allow-Headers", str2);
            httpServletResponse.addHeader("Access-Control-Max-Age", "86400");
        }
    }
}
