package info.elexis.server.core.security;

import info.elexis.server.core.security.oauth2.internal.OAuth2AccessToken;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.web.servlet.AdviceFilter;
import org.apache.shiro.web.util.WebUtils;

/* loaded from: input_file:info/elexis/server/core/security/CorsFilter.class */
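/**
 * Shiro advice filter that adds CORS response headers and answers CORS
 * preflight requests itself.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every origin is allowed ({@code Access-Control-Allow-Origin: *}), so any
 *       web page may read responses from this server as long as the request is
 *       made without browser-managed credentials. The {@code authorization}
 *       request header is explicitly allowed, so access control rests entirely
 *       on the token check done by filters that run after this one.</li>
 *   <li>{@code Access-Control-Allow-Credentials} is intentionally not sent.
 *       Browsers refuse a credentialed response whose allowed origin is
 *       {@code *}, so the header could never take effect here. Supporting
 *       cookies or HTTP authentication across origins requires an explicit
 *       origin allow-list together with {@code Vary: Origin}; echoing the
 *       request's {@code Origin} header back is not a safe substitute.</li>
 * </ul>
 */
public class CorsFilter extends AdviceFilter {
    /**
     * Adds CORS headers to the response when the request carries an
     * {@code Origin} header.
     *
     * @param servletRequest  the incoming request
     * @param servletResponse the response the CORS headers are written to
     * @return {@code true} to let the filter chain continue (no {@code Origin}
     *         header, or an ordinary cross-origin request); {@code false} for a
     *         preflight request, which is answered here with status 200 so the
     *         rest of the chain is not executed
     * @throws Exception declared by the overridden Shiro method
     */
    protected boolean preHandle(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        HttpServletRequest request = WebUtils.toHttp(servletRequest);
        if (request.getHeader("Origin") == null) {
            // No Origin header: not a CORS request, so no CORS headers are added.
            return true;
        }

        HttpServletResponse response = WebUtils.toHttp(servletResponse);
        // Wildcard origin. Access-Control-Allow-Credentials is deliberately left
        // out: the Fetch rules forbid combining it with "*", and browsers block
        // such responses for credentialed requests.
        response.setHeader("Access-Control-Allow-Origin", "*");

        String requestedMethod = request.getHeader("Access-Control-Request-Method");
        boolean preflight = requestedMethod != null && "OPTIONS".equalsIgnoreCase(request.getMethod());
        if (!preflight) {
            // NOTE(review): Access-Control-Expose-Headers expects response header
            // names, but the value used here is the OAuth2 token-type constant.
            // Confirm which response header client scripts actually need to read.
            response.setHeader("Access-Control-Expose-Headers", OAuth2AccessToken.BEARER_TYPE);
            return true;
        }

        // Preflight: advertise what the follow-up request may use.
        response.setHeader("Access-Control-Allow-Headers", "origin, content-type, x-requested-with, accept, authorization");
        // NOTE(review): TRACE is a forbidden method for browser fetch/XHR, so
        // listing it has no effect on browsers; consider trimming this list to
        // the methods the API really serves.
        response.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS");
        // 1209600 s = 14 days; browsers apply their own, lower, cap to this value.
        response.setHeader("Access-Control-Max-Age", "1209600");
        response.setStatus(200);
        // Returning false stops the chain here, so the preflight (which carries
        // no Authorization header) is not handed to later filters.
        return false;
    }
}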
