## Use `CORSMiddleware` { #use-corsmiddleware }

You can configure it in your **FastAPI** application using the `CORSMiddleware`.

* Import `CORSMiddleware`.
* Create a list of allowed origins (as strings).
* Add it as a "middleware" to your **FastAPI** application.

You can also specify whether your backend allows:

            assertTrue(e.getMessage().contains("not allowed"));
        }

        // Should allow other paths
        String allowed = validator.validatePath("\\share\\allowed\\file.txt");
        assertEquals("\\share\\allowed\\file.txt", allowed);
    }

    @Test
    public void testWhitelist() throws Exception {
        validator.addToWhitelist("\\share\\allowed");

        // Should allow whitelisted path

        // Normal authentication should be allowed
        assertTrue(rateLimiter.checkAttempt("user1", "192.168.1.1"), "First attempt should be allowed");

        // Record success
        rateLimiter.recordSuccess("user1", "192.168.1.1");

        // Should still be allowed
        assertTrue(rateLimiter.checkAttempt("user1", "192.168.1.1"), "After success should be allowed");
    }

    @Test

	if s3Err != ErrNone {
		return cred, s3Err
	}
	if globalIAMSys.IsAllowed(policy.Args{
		AccountName:     cred.AccessKey,
		Groups:          cred.Groups,
		Action:          policy.Action(action),
		ConditionValues: getConditionValues(r, "", cred),
		IsOwner:         owner,
		Claims:          cred.Claims,
	}) {
		// Request is allowed return the appropriate access key.
		return cred, ErrNone
	}

        validator.validatePath("\\share\\folder\\file.txt");
        validator.validatePath("C:\\Windows\\System32");
        validator.validatePath(null); // Null should be allowed
        validator.validatePath(""); // Empty should be allowed
    }

    @Test
    public void testPathTooLong() throws Exception {
        String longPath = "\\share" + "\\folder".repeat(5000);
        assertThrows(SmbException.class, () -> {

     * @param maxLength maximum allowed length
     * @param fieldName field name for error messages
     * @throws SmbException if string is invalid
     */
    public void validateString(String str, int maxLength, String fieldName) throws SmbException {
        totalValidations.incrementAndGet();

        if (str == null) {
            return; // Null strings are allowed
        }

            throw new SmbException("Path is not allowed");
        }

        // Check against whitelist if configured
        if (!whitelistedPaths.isEmpty() && !isWhitelisted(normalized)) {
            log.warn("Path is not whitelisted: {}", sanitizeForLog(normalized));
            throw new SmbException("Path is not in allowed list");
        }

        // Validate UNC paths

)

const (
	// Maximum allowed form data field values. 64MiB is a guessed practical value
	// which is more than enough to accommodate any form data fields and headers.
	requestFormDataSize = 64 * humanize.MiByte

	// For any HTTP request, request body should be not more than 16GiB + requestFormDataSize
	// where, 16GiB is the maximum allowed object size for object upload.

The following arguments are supported:

* `allowed_hosts` - A list of domain names that should be allowed as hostnames. Wildcard domains such as `*.example.com` are supported for matching subdomains. To allow any hostname either use `allowed_hosts=["*"]` or omit the middleware.
* `www_redirect` - If set to True, requests to non-www versions of the allowed hosts will be redirected to their www counterparts. Defaults to `True`.

	// as well as the value to use for the part-number-marker request parameter
	// in a subsequent request.
	NextPartNumberMarker int

	// Maximum number of parts that were allowed in the response.
	MaxParts int

	// Indicates whether the returned list of parts is truncated.
	IsTruncated bool

	// List of all parts.
	Parts []PartInfo