package com.atlassian.plugins.rest.common.security.jersey;

import com.atlassian.http.method.Methods;
import com.atlassian.plugins.rest.common.security.XsrfCheckFailedException;
import com.sun.jersey.spi.container.ContainerRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/plugins/rest/common/security/jersey/OriginBasedXsrfResourceFilter.class */
class OriginBasedXsrfResourceFilter extends XsrfResourceFilter {
    private static final Logger log = LoggerFactory.getLogger(OriginBasedXsrfResourceFilter.class);

    OriginBasedXsrfResourceFilter() {
    }

    @Override // com.atlassian.plugins.rest.common.security.jersey.XsrfResourceFilter
    public ContainerRequest filter(ContainerRequest containerRequest) {
        if (!Methods.isMutative(containerRequest.getMethod()) || !isLikelyToBeFromBrowser(containerRequest)) {
            return containerRequest;
        }
        if (passesAdditionalBrowserChecks(containerRequest)) {
            return containerRequest;
        }
        if (containerRequest.getMediaType() == null || !isXsrfable(containerRequest.getMethod(), containerRequest.getMediaType())) {
            throw new XsrfCheckFailedException();
        }
        logXsrfFailureButNotBeingEnforced(containerRequest, log);
        return containerRequest;
    }
}
