package net.hasor.web.objects;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.hasor.dataql.fx.FxHintValue;
import net.hasor.utils.StringUtils;
import net.hasor.web.Invoker;
import net.hasor.web.InvokerChain;
import net.hasor.web.InvokerFilter;
import net.hasor.web.Mapping;
import net.hasor.web.annotation.HttpMethod;

/* loaded from: input_file:net/hasor/web/objects/CorsFilter.class */
public class CorsFilter implements InvokerFilter {
    @Override // net.hasor.web.InvokerFilter
    public Object doInvoke(Invoker invoker, InvokerChain invokerChain) throws Throwable {
        String method = invoker.getHttpRequest().getMethod();
        Mapping ownerMapping = invoker.ownerMapping();
        if (ownerMapping != null && ownerMapping.findMethod(HttpMethod.OPTIONS) != null) {
            return invokerChain.doNext(invoker);
        }
        HttpServletRequest httpRequest = invoker.getHttpRequest();
        HttpServletResponse httpResponse = invoker.getHttpResponse();
        String header = httpRequest.getHeader("Origin");
        if (StringUtils.isNotBlank(header)) {
            httpResponse.setHeader("Access-Control-Allow-Origin", header);
            httpResponse.setHeader("Access-Control-Allow-Credentials", FxHintValue.FRAGMENT_SQL_QUERY_BY_PAGE_ENABLE);
        } else {
            httpResponse.setHeader("Access-Control-Allow-Origin", "*");
        }
        httpResponse.addHeader("Access-Control-Allow-Methods", "*");
        httpResponse.addHeader("Access-Control-Allow-Headers", "content-type");
        httpResponse.addHeader("Access-Control-Max-Age", "3600");
        if (HttpMethod.OPTIONS.equalsIgnoreCase(method)) {
            return null;
        }
        return invokerChain.doNext(invoker);
    }
}
