package org.apache.struts2.interceptor;

import javax.servlet.http.HttpServletRequest;
import org.apache.logging.log4j.util.Strings;

/* loaded from: input_file:WEB-INF/lib/struts2-core-6.1.2.jar:org/apache/struts2/interceptor/StrutsResourceIsolationPolicy.class */
public final class StrutsResourceIsolationPolicy implements ResourceIsolationPolicy {
    @Override // org.apache.struts2.interceptor.ResourceIsolationPolicy
    public boolean isRequestAllowed(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(ResourceIsolationPolicy.SEC_FETCH_SITE_HEADER);
        if (Strings.isEmpty(header) || "same-origin".equalsIgnoreCase(header) || ResourceIsolationPolicy.SITE_SAME_SITE.equalsIgnoreCase(header) || "none".equalsIgnoreCase(header)) {
            return true;
        }
        return isAllowedTopLevelNavigation(httpServletRequest);
    }

    private boolean isAllowedTopLevelNavigation(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(ResourceIsolationPolicy.SEC_FETCH_MODE_HEADER);
        String header2 = httpServletRequest.getHeader(ResourceIsolationPolicy.SEC_FETCH_DEST_HEADER);
        return (ResourceIsolationPolicy.MODE_NAVIGATE.equalsIgnoreCase(header) || "GET".equalsIgnoreCase(httpServletRequest.getMethod())) && (!ResourceIsolationPolicy.DEST_EMBED.equalsIgnoreCase(header2) && !ResourceIsolationPolicy.DEST_OBJECT.equalsIgnoreCase(header2));
    }
}
