new Tuple3<>("Custom-Header", "custom.value", "site3") };
            }
        });

        String[] paths = virtualHostHelper.getVirtualHostPaths();
        assertNotNull(paths);
        assertEquals(3, paths.length);
        assertEquals("/site1", paths[0]);
        assertEquals("/site2", paths[1]);

    public void test_multipleProcessCalls() {
        HttpServletRequest request = createMockRequest();
        HttpServletResponse response = createMockResponse();

        String[] origins = { "https://site1.com", "https://site2.com", "https://site3.com" };

        for (String origin : origins) {
            processCalled = false;
            corsHandler.process(origin, request, response);

          "pvt.k12.ca.us",
          "site.ac.jp",
          "site.ad.jp",
          "site.cc",
          "site.ed.jp",
          "site.ee",
          "site.fi",
          "site.fm",
          "site.geo.jp",
          "site.go.jp",
          "site.gr",
          "site.gr.jp",
          "site.jp",
          "site.lg.jp",
          "site.ma",
          "site.mk",
          "site.ne.jp",

          "pvt.k12.ca.us",
          "site.ac.jp",
          "site.ad.jp",
          "site.cc",
          "site.ed.jp",
          "site.ee",
          "site.fi",
          "site.fm",
          "site.geo.jp",
          "site.go.jp",
          "site.gr",
          "site.gr.jp",
          "site.jp",
          "site.lg.jp",
          "site.ma",
          "site.mk",
          "site.ne.jp",

Então um de seus usuários poderia instalá-lo e executá-lo localmente.

Em seguida, poderia abrir um site malicioso, por exemplo:

```
https://evilhackers.example.com
```

E esse site malicioso envia requisições usando `fetch()` com um corpo `Blob` para a API local em

```
http://localhost:8000/v1/agents/multivac
```

Il pourrait ensuite ouvrir un site malveillant, par exemple quelque chose comme

```
https://evilhackers.example.com
```

Et ce site malveillant enverrait des requêtes en utilisant `fetch()` avec un corps `Blob` vers l’API locale à l’adresse

```
http://localhost:8000/v1/agents/multivac
```

      - name: Build Docs
        run: uv run ./scripts/docs.py build-lang ${{ matrix.lang }}
      - uses: actions/upload-artifact@v7
        with:
          name: docs-site-${{ matrix.lang }}
          path: ./site/**
          include-hidden-files: true

  # https://github.com/marketplace/actions/alls-green#why
  docs-all-green:  # This job does nothing and is only used for the branch protection

cat README.md | grep -v 'project website' > docs/index.md
cp CHANGELOG.md docs/changelogs/changelog.md
cp CONTRIBUTING.md docs/contribute/contributing.md

# Build the site locally

## CSRF Riski { #csrf-risk }

Bu varsayılan davranış, çok belirli bir senaryoda bir sınıf Cross-Site Request Forgery (CSRF) saldırılarına karşı koruma sağlar.

Bu saldırılar, tarayıcıların aşağıdaki durumlarda herhangi bir CORS preflight kontrolü yapmadan script’lerin request göndermesine izin vermesinden faydalanır:

.idea
*.iml
*.ipr
*.iws
*.log
classes

obj

.DS_Store

# Special Mkdocs files
docs/5.x
docs/changelog.md
docs/contributing.md
docs/index.md

# jenv
/.java-version
/site/