}

	// If we have too many waiting, reject this at once.
	if l.waitMutex.Load() > lockMutexWaitLimit {
		l.locksOverloaded.Add(1)
		return false, nil
	}
	// Wait for mutex
	defer l.getMutex()()
	if ctx.Err() != nil {
		return false, ctx.Err()
	}
	if !l.canTakeLock(args.Resources...) {
		// Not all locks can be taken on resources,
		// reject it completely.
		return false, nil
	}

Your API now has the power to control its own <abbr title="This is a joke, just in case. It has nothing to do with cookie consents, but it's funny that even the API can now reject the poor cookies. Have a cookie. 🍪">cookie consent</abbr>. 🤪🍪

You can use Pydantic's model configuration to `forbid` any `extra` fields:

{* ../../docs_src/cookie_param_models/tutorial002_an_py39.py hl[10] *}

			success: false,
		},
		// duplicate 'expiration' reject
		{

        assertTrue(key.isZero());
        assertArrayEquals(zeroBytes, key.getKey());
    }

    @Test
    @DisplayName("Should reject null key")
    void testNullKey() {
        assertThrows(IllegalArgumentException.class, () -> new Smb2LeaseKey(null));
    }

    @Test
    @DisplayName("Should reject wrong size key")
    void testWrongSizeKey() {
        assertThrows(IllegalArgumentException.class, () -> new Smb2LeaseKey(new byte[15]));

			// Verify if date headers are set, if not reject the request
			amzDate, errCode := parseAmzDateHeader(r)
			if errCode != ErrNone {
				if ok {
					tc.FuncName = "handler.Auth"
					tc.ResponseRecorder.LogErrBody = true
				}

				// All our internal APIs are sensitive towards Date
				// header, for all requests where Date header is not
				// present we will reject such clients.

        @Test
        @DisplayName("Should reject null data buffer in sign method")
        void testSignNullDataBuffer() {
            assertThrows(IllegalArgumentException.class, () -> digest.sign(null, 0, 100, request, response),
                    "Should throw IllegalArgumentException for null data buffer");
        }

        @Test
        @DisplayName("Should reject negative offset in sign method")

// record is formatted as:
//
//	"%d %s=%s\n" % (size, key, value)
//
// Keys and values should be UTF-8, but the number of bad writers out there
// forces us to be a more liberal.
// Thus, we only reject all keys with NUL, and only reject NULs in values
// for the PAX version of the USTAR string fields.
// The key must not contain an '=' character.
func validPAXRecord(k, v string) bool {
	if k == "" || strings.Contains(k, "=") {

		if r.Method == http.MethodPut && bucket != "" && object == "" && r.URL.RawQuery == "" {
			h.ServeHTTP(w, r)
			return
		}

		// CopyObject requests should be handled at current endpoint as path style
		// requests have target bucket and object in URI and source details are in
		// header fields
		if r.Method == http.MethodPut && r.Header.Get(xhttp.AmzCopySource) != "" {
			bucket, object = path2BucketObject(r.Header.Get(xhttp.AmzCopySource))

	sset := set.NewStringSet()
	for mv := range d.Stream() {
		if mv.ValueType == jstream.Object {
			// This is a JSON object type (that preserves key order)
			kvs, ok := mv.Value.(jstream.KVS)
			if ok {
				for _, kv := range kvs {
					if sset.Contains(kv.Key) {
						// Reject duplicate conditions or expiration.

		// Sub policy if set, should be a string reject
		// malformed/malicious requests.
		return
	}

	// Check if policy is parseable.
	subPolicy, err := policy.ParseConfig(bytes.NewReader([]byte(spolicyStr)))
	if err != nil {
		// Log any error in input session policy config.
		iamLogIf(GlobalContext, err)
		return
	}

	// Policy without Version string value reject it.
	if subPolicy.Version == "" {