blobs - Code Search

docs/recipes.md

 [AccessHeadersJava]: https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/AccessHeaders.java
 [AccessHeadersKotlin]: https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/kt/AccessHeaders.kt

Created: Fri Apr 03 11:42:14 GMT 2026

- Last Modified: Sun Mar 15 09:01:42 GMT 2026

- 47.8K bytes

- Click Count (0)

github.com/google/guava

android/guava-tests/test/com/google/common/hash/SipHashFunctionTest.java

  private static final HashFunction SIP_WITHOUT_KEY = sipHash24();

  // These constants were originally ported from https://www.131002.net/siphash/siphash24.c. See:
  // https://github.com/nahi/siphash-java-inline/blob/master/src/test/java/org/jruby/util/SipHashInlineTest.java
  private static final long[] EXPECTED =
      new long[] {
        0x726fdb47dd0e0e31L,
        0x74f839c593dc67fdL,
        0x0d6c8009d9a94f5aL,

Created: Fri Apr 03 12:43:13 GMT 2026

- Last Modified: Thu Mar 19 18:53:45 GMT 2026

- 6.8K bytes

- Click Count (0)

github.com/google/guava

guava-tests/test/com/google/common/hash/SipHashFunctionTest.java

  private static final HashFunction SIP_WITHOUT_KEY = sipHash24();

  // These constants were originally ported from https://www.131002.net/siphash/siphash24.c. See:
  // https://github.com/nahi/siphash-java-inline/blob/master/src/test/java/org/jruby/util/SipHashInlineTest.java
  private static final long[] EXPECTED =
      new long[] {
        0x726fdb47dd0e0e31L,
        0x74f839c593dc67fdL,
        0x0d6c8009d9a94f5aL,

Created: Fri Apr 03 12:43:13 GMT 2026

- Last Modified: Thu Mar 19 18:53:45 GMT 2026

- 6.8K bytes

- Click Count (0)

github.com/tiangolo/fastapi

docs/zh/docs/advanced/strict-content-type.md

## CSRF 风险 { #csrf-risk }

此默认行为在一个非常特定的场景下，可防御一类跨站请求伪造（CSRF）攻击。

这类攻击利用了浏览器的一个事实：当请求满足以下条件时，浏览器允许脚本在不进行任何 CORS 预检的情况下直接发送请求：

- 没有 `Content-Type` 头（例如使用 `fetch()` 携带 `Blob` 作为 body）
- 且不发送任何认证凭据。

这种攻击主要在以下情况下相关：

- 应用在本地（如 `localhost`）或内网中运行
- 且应用没有任何认证，假定来自同一网络的请求都可信。

## 攻击示例 { #example-attack }

假设你构建了一个本地运行的 AI 代理。

它提供了一个 API，地址为

```

Created: Sun Apr 05 07:19:11 GMT 2026

- Last Modified: Fri Mar 20 14:29:48 GMT 2026

- 3K bytes

- Click Count (0)

github.com/square/okhttp

docs/features/https.md

      }
    ```

 [CustomTrustJava]: https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/CustomTrust.java
 [CustomTrustKotlin]: https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/kt/CustomTrust.kt
 [CertificatePinningJava]: https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/CertificatePinning.java

Created: Fri Apr 03 11:42:14 GMT 2026

- Last Modified: Sun Mar 15 09:01:42 GMT 2026

- 10.5K bytes

- Click Count (0)

github.com/google/guava

.github/workflows/scorecard.yml

on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:
  # To guarantee Maintained check is occasionally updated. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
  schedule:
    - cron: '45 9 * * 0'
  push:
    branches: [ "master" ]

Created: Fri Apr 03 12:43:13 GMT 2026

- Last Modified: Wed Apr 01 22:02:44 GMT 2026

- 2.9K bytes

- Click Count (0)

github.com/tiangolo/fastapi

docs/tr/docs/advanced/strict-content-type.md

Bu saldırılar, tarayıcıların aşağıdaki durumlarda herhangi bir CORS preflight kontrolü yapmadan script’lerin request göndermesine izin vermesinden faydalanır:

- bir Content-Type header’ı yoksa (örn. body olarak Blob ile fetch() kullanıldığında)
- ve herhangi bir kimlik doğrulama bilgisi gönderilmiyorsa.

Bu tür saldırılar özellikle şu durumlarda önemlidir:

- uygulama yerelde (örn. localhost’ta) veya dahili bir ağda çalışıyorsa

Created: Sun Apr 05 07:19:11 GMT 2026

- Last Modified: Thu Mar 19 18:51:35 GMT 2026

- 3.6K bytes

- Click Count (0)

github.com/tiangolo/fastapi

docs/uk/docs/advanced/strict-content-type.md

Ці атаки використовують той факт, що браузери дозволяють скриптам надсилати запити без виконання перевірки CORS preflight, коли вони:

* не мають заголовка `Content-Type` (наприклад, використовуючи `fetch()` з тілом типу `Blob`)
* і не надсилають жодних облікових даних автентифікації.

Такий тип атаки головним чином актуальний, коли:

* застосунок працює локально (наприклад, на `localhost`) або у внутрішній мережі

Created: Sun Apr 05 07:19:11 GMT 2026

- Last Modified: Thu Mar 19 18:25:54 GMT 2026

- 5.5K bytes

- Click Count (0)

github.com/tiangolo/fastapi

docs/de/docs/advanced/strict-content-type.md

Diese Angriffe nutzen aus, dass Browser Skripte Requests senden lassen, ohne einen CORS-Preflight-Check durchzuführen, wenn sie:

* keinen `Content-Type`-Header haben (z. B. mit `fetch()` und einem `Blob`-Body)
* und keine Authentifizierungsdaten senden.

Diese Art von Angriff ist vor allem relevant, wenn:

* die Anwendung lokal läuft (z. B. auf `localhost`) oder in einem internen Netzwerk

Created: Sun Apr 05 07:19:11 GMT 2026

- Last Modified: Thu Mar 19 17:48:21 GMT 2026

- 3.6K bytes

- Click Count (0)

github.com/google/guava

android/guava-tests/test/com/google/common/hash/Murmur3Hash32Test.java

            return murmur3_32(seed).hashBytes(input).asBytes();
          }
        };
    // Murmur3A, MurmurHash3 for x86, 32-bit (MurmurHash3_x86_32)
    // https://github.com/aappleby/smhasher/blob/master/src/main.cpp
    HashTestUtils.verifyHashFunction(hf, 32, 0xB0F57EE3);
  }

  public void testParanoid() {
    HashFn hf =
        new HashFn() {
          @Override

Created: Fri Apr 03 12:43:13 GMT 2026

- Last Modified: Thu Mar 19 18:53:45 GMT 2026

- 8.4K bytes

- Click Count (0)

Search Options