1 package com.atlassian.sal.api.xsrf;
2
3 import javax.servlet.http.HttpServletRequest;
4
/**
 * Validates the {@link #TOKEN_HEADER} request header used as an XSRF check.
 *
 * <p>A header value is accepted when it equals the fixed string {@code "no-check"},
 * compared without regard to case. The accepted value is a constant, not a
 * per-session secret, so a {@code true} result shows only that the sender was
 * able to set this header on the request.
 *
 * <p>NOTE(review): the protection presumably rests on browsers not attaching
 * custom headers to cross-site form submissions. Confirm that the deployment's
 * CORS policy does not allow {@link #TOKEN_HEADER} from untrusted origins, and
 * that callers do not treat a valid header as a substitute for authentication.
 *
 * @since v2.10.12
 */
public final class XsrfHeaderValidator {
    /** Name of the request header that is inspected. */
    public static final String TOKEN_HEADER = "X-Atlassian-Token";

    /** The only header value treated as valid; matched case-insensitively. */
    private static final String TOKEN_VALUE = "no-check";

    /**
     * Checks whether the given request carries a valid {@link #TOKEN_HEADER}
     * header.
     *
     * <p>The header is read from the request and passed to
     * {@link #isValidHeaderValue(String)}.
     *
     * @param request the request to check; must not be {@code null}, since the
     *                header is read from it unconditionally.
     * @return true if the request's {@link #TOKEN_HEADER} header holds a valid
     * value, otherwise false.
     */
    public boolean requestHasValidXsrfHeader(HttpServletRequest request) {
        final String suppliedValue = request.getHeader(TOKEN_HEADER);
        return isValidHeaderValue(suppliedValue);
    }

    /**
     * Checks whether a raw {@link #TOKEN_HEADER} header value is valid.
     *
     * <p>The value is compared as-is: it is not trimmed, so a value with
     * leading or trailing whitespace is rejected.
     *
     * @param headerValue the value of the {@link #TOKEN_HEADER} header; may be
     *                    {@code null}, which is treated as invalid.
     * @return true if the value matches the expected token ignoring case,
     * otherwise false.
     */
    public boolean isValidHeaderValue(String headerValue) {
        // Calling equalsIgnoreCase on the constant makes a null argument
        // evaluate to false without a separate null branch.
        return TOKEN_VALUE.equalsIgnoreCase(headerValue);
    }

}