// Set an appropriate CORS header if requested and if allowed
 private void setCorsHeader(HttpServletRequest pReq, HttpServletResponse pResp) {
   String origin = requestHandler.extractCorsOrigin(pReq.getHeader("Origin"));
   if (origin != null) {
     pResp.setHeader("Access-Control-Allow-Origin", origin);
     pResp.setHeader("Access-Control-Allow-Credentials", "true");
   }
 }
 /**
  * OPTION requests are treated as CORS preflight requests
  *
  * @param req the original request
  * @param resp the response the answer are written to
  */
 @Override
 protected void doOptions(HttpServletRequest req, HttpServletResponse resp)
     throws ServletException, IOException {
   Map<String, String> responseHeaders =
       requestHandler.handleCorsPreflightRequest(
           req.getHeader("Origin"), req.getHeader("Access-Control-Request-Headers"));
   for (Map.Entry<String, String> entry : responseHeaders.entrySet()) {
     resp.setHeader(entry.getKey(), entry.getValue());
   }
 }
  @SuppressWarnings({"PMD.AvoidCatchingThrowable", "PMD.AvoidInstanceofChecksInCatchClause"})
  private void handle(
      ServletRequestHandler pReqHandler, HttpServletRequest pReq, HttpServletResponse pResp)
      throws IOException {
    JSONAware json = null;
    try {
      // Check access policy
      requestHandler.checkAccess(
          pReq.getRemoteHost(), pReq.getRemoteAddr(), getOriginOrReferer(pReq));

      // Remember the agent URL upon the first request. Needed for discovery
      updateAgentDetailsIfNeeded(pReq);

      // Dispatch for the proper HTTP request method
      json = handleSecurely(pReqHandler, pReq, pResp);
    } catch (Throwable exp) {
      json =
          requestHandler.handleThrowable(
              exp instanceof RuntimeMBeanException
                  ? ((RuntimeMBeanException) exp).getTargetException()
                  : exp);
    } finally {
      setCorsHeader(pReq, pResp);

      String callback = pReq.getParameter(ConfigKey.CALLBACK.getKeyValue());
      String answer =
          json != null
              ? json.toJSONString()
              : requestHandler
                  .handleThrowable(new Exception("Internal error while handling an exception"))
                  .toJSONString();
      if (callback != null) {
        // Send a JSONP response
        sendResponse(pResp, "text/javascript", callback + "(" + answer + ");");
      } else {
        sendResponse(pResp, getMimeType(pReq), answer);
      }
    }
  }