1 package com.atlassian.sal.api.xsrf;
2
3 import javax.servlet.http.HttpServletRequest;
4
/**
 * Checks whether a request, or a raw header value, carries the
 * {@link #TOKEN_HEADER} header with the value this class accepts.
 *
 * <p>Security note: the accepted value is a fixed constant, not a per-session
 * or per-user secret. A match therefore only shows that the client was able to
 * set this custom request header. NOTE(review): presumably the protection rests
 * on browsers refusing to attach custom headers to cross-site requests without
 * a CORS preflight; confirm that the deployment's CORS policy does not allow
 * this header from untrusted origins.
 *
 * @since v2.10.12
 */
public final class XsrfHeaderValidator {
    /** Name of the request header inspected by this validator. */
    public static final String TOKEN_HEADER = "X-Atlassian-Token";

    /** The only accepted header value; compared without regard to case. */
    private static final String TOKEN_VALUE = "no-check";

    /**
     * Reads the {@link #TOKEN_HEADER} header from the request and validates it.
     *
     * @param request the request to check; must not be {@code null}, because
     *                the header is read directly from it.
     * @return {@code true} if the request carries a valid {@link #TOKEN_HEADER}
     *         header, {@code false} if the header is absent or has another value.
     */
    public boolean requestHasValidXsrfHeader(HttpServletRequest request) {
        final String suppliedValue = request.getHeader(TOKEN_HEADER);
        return isValidHeaderValue(suppliedValue);
    }

    /**
     * Tells whether the given string is an acceptable value for the
     * {@link #TOKEN_HEADER} header.
     *
     * @param headerValue the value of the {@link #TOKEN_HEADER} header; may be
     *                    {@code null} when the header was not sent.
     * @return {@code true} if the value equals the expected token ignoring
     *         case, {@code false} otherwise (including for {@code null}).
     */
    public boolean isValidHeaderValue(String headerValue) {
        // Calling equalsIgnoreCase on the constant makes a null (missing)
        // header yield false without a separate null check.
        return TOKEN_VALUE.equalsIgnoreCase(headerValue);
    }

}