/** Returns the tag attached with [T] as a key, or null if no tag is attached with that key. */
  @JvmName("reifiedTag")
  inline fun <reified T : Any> tag(): T? = tag(T::class)

  /** Returns the tag attached with [type] as a key, or null if no tag is attached with that key. */
  fun <T : Any> tag(type: KClass<T>): T? = type.java.cast(tags[type])

  /**

      unit: TimeUnit,
    ): Builder =
      apply {
        trailersDelayNanos = unit.toNanos(delay)
      }

    /**
     * When [protocols][MockWebServer.protocols] include [HTTP_2][okhttp3.Protocol], this attaches a
     * pushed stream to this response.
     */
    public fun addPush(promise: PushPromise): Builder =
      apply {
        this.pushPromises_ += promise
      }

    /**

	if err != nil {
		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
		return
	}
	writeSuccessResponseJSON(w, econfigData)
}

// AttachDetachPolicyLDAP attaches or detaches policies from an LDAP entity
// (user or group).
//
// POST <admin-prefix>/idp/ldap/policy/{operation}
func (a adminAPIHandlers) AttachDetachPolicyLDAP(w http.ResponseWriter, r *http.Request) {
	ctx := r.Context()

   *       directExecutor}, the listener can execute in any of three possible threads:
   *       <ol>
   *         <li>When a thread attaches a listener to a {@code ListenableFuture} that's already
   *             complete, the listener runs immediately in that thread.
   *         <li>When a thread attaches a listener to a {@code ListenableFuture} that's
   *             incomplete and the {@code ListenableFuture} later completes normally, the

    # Renvoyer une erreur
    ...
```

Mais en utilisant `secrets.compare_digest()`, cela sera sécurisé contre un type d'attaques appelé « attaques par chronométrage ».

### Attaques par chronométrage { #timing-attacks }

Mais qu'est-ce qu'une « attaque par chronométrage » ?

Imaginons que des attaquants essaient de deviner le nom d'utilisateur et le mot de passe.

    # Return some error
    ...
```

But by using the `secrets.compare_digest()` it will be secure against a type of attacks called "timing attacks".

### Timing Attacks { #timing-attacks }

But what's a "timing attack"?

Let's imagine some attackers are trying to guess the username and password.

And they send a request with a username `johndoe` and a password `love123`.

## CSRF Risk { #csrf-risk }

This default behavior provides protection against a class of **Cross-Site Request Forgery (CSRF)** attacks in a very specific scenario.

These attacks exploit the fact that browsers allow scripts to send requests without doing any CORS preflight check when they:

* don't have a `Content-Type` header (e.g. using `fetch()` with a `Blob` body)

### 3. Configure `mc` and create another user user1 with attached policy user1policy

```
mc alias set myminio-admin1 http://localhost:9000 admin1 admin123 --api s3v4

mc admin user add myminio-admin1 user1 user123
mc admin policy attach myminio-admin1 user1policy ~/user1policy.json
mc admin policy attach myminio-admin1 user1policy --user=user1
```

    # Bir hata döndür
    ...
```

Ancak `secrets.compare_digest()` kullanarak, "timing attacks" denilen bir saldırı türüne karşı güvenli olursunuz.

### Timing Attacks { #timing-attacks }

Peki "timing attack" nedir?

Bazı saldırganların kullanıcı adı ve şifreyi tahmin etmeye çalıştığını düşünelim.

    # Поверніть якусь помилку
    ...
```

Але використовуючи `secrets.compare_digest()`, це буде захищено від типу атак, що називаються «атаки за часом» (timing attacks).

### Атаки за часом { #timing-attacks }

Що таке «атака за часом»?

Уявімо, що зловмисники намагаються вгадати ім'я користувача та пароль.

Вони надсилають запит з ім'ям користувача `johndoe` та паролем `love123`.