1 package com.atlassian.sal.api.xsrf;
2
3 import javax.servlet.http.HttpServletRequest;
4
/**
 * Checks whether a request, or a raw header value, carries a valid
 * {@link #TOKEN_HEADER} header.
 *
 * <p>Security note: the accepted value is a fixed constant, not a per-session
 * secret, so this check does not authenticate the caller. It only shows that
 * the client was able to set a custom request header. Its value as an XSRF
 * defence therefore depends on browsers refusing to attach custom headers to
 * cross-site form submissions, and on the application's CORS policy not
 * allowing this header from untrusted origins. Confirm both for the deployment
 * before relying on this check alone.
 *
 * @since v2.10.12
 */
public final class XsrfHeaderValidator
{
    /** Name of the request header inspected by this validator. */
    public static final String TOKEN_HEADER = "X-Atlassian-Token";

    /** The only accepted header value; compared without regard to case. */
    private static final String TOKEN_VALUE = "no-check";

    /**
     * Returns true if the given HttpServletRequest contains a valid
     * {@link #TOKEN_HEADER} header.
     *
     * @param request the request to check; it is dereferenced directly, so
     * a null request results in a NullPointerException.
     * @return true if the given request contains a valid {@link #TOKEN_HEADER}
     * header, otherwise false.
     */
    public boolean requestHasValidXsrfHeader(HttpServletRequest request)
    {
        final String suppliedValue = request.getHeader(TOKEN_HEADER);
        return isValidHeaderValue(suppliedValue);
    }

    /**
     * Returns true if the given header value is valid for the
     * {@link #TOKEN_HEADER} header.
     *
     * @param headerValue the value of the {@link #TOKEN_HEADER} header; may be
     * null when the header is absent.
     * @return true if the value matches the expected token, ignoring case;
     * false if it is null or differs in any other way. No trimming is
     * performed, so surrounding whitespace makes the value invalid.
     */
    public boolean isValidHeaderValue(String headerValue)
    {
        // Calling equalsIgnoreCase on the constant covers the null case:
        // String.equalsIgnoreCase(null) is false, so an absent header is rejected.
        return TOKEN_VALUE.equalsIgnoreCase(headerValue);
    }

}