
1   package com.atlassian.plugins.rest.common.security.jersey;
2   
3   import com.atlassian.plugins.rest.common.security.XsrfCheckFailedException;
4   import com.sun.jersey.spi.container.ContainerRequest;
5   
/**
 * Protects browsers against XSRF attacks where the origin of a request would not
 * otherwise be permitted by the same origin policy or CORS.
 *
 * <p>The filter only ever rejects a request that is a POST, looks like it came from a
 * browser, and either carries no media type or carries one that is not "XSRF-able".
 * Every other request is handed back untouched, so this class is one layer of XSRF
 * defence rather than a complete one.
 *
 * <p>NOTE(review): requests with an XSRF-able media type are exempted here, presumably
 * because the inherited token-based check covers them. Confirm against
 * {@link XsrfResourceFilter} before relying on that.
 *
 * @since 2.9.21
 */
class OriginBasedXsrfResourceFilter extends XsrfResourceFilter {

    /**
     * Applies the origin-based XSRF check to an incoming request.
     *
     * @param request the incoming request
     * @return the same {@code request} instance, unmodified, when it is exempt from the
     *         check or passes it
     * @throws XsrfCheckFailedException if the request is subject to the check and
     *         {@code passesAdditionalBrowserChecks} returns {@code false}
     */
    public ContainerRequest filter(final ContainerRequest request) {
        // Only POST is inspected; every other HTTP method is returned unchecked.
        // NOTE(review): other state-changing methods presumably rely on a different
        // control (e.g. CORS preflight). Confirm.
        if (!isPostRequest(request)) {
            return request;
        }

        // The check is aimed at browsers; requests judged not to come from one are
        // exempt. This is a heuristic on the request, not an authentication decision.
        if (!isLikelyToBeFromBrowser(request)) {
            return request;
        }

        // A missing media type is deliberately NOT exempted: the null guard keeps such
        // requests on the path to the additional browser checks below.
        final boolean hasXsrfableMediaType =
                request.getMediaType() != null && isXsrfable(request);
        if (hasXsrfableMediaType) {
            return request;
        }

        if (passesAdditionalBrowserChecks(request)) {
            return request;
        }

        // Fail closed: nothing vouched for this browser-originated POST.
        throw new XsrfCheckFailedException();
    }

}