Within the Go file, C's struct field names that are keywords in Go
can be accessed by prefixing them with an underscore: if x points at a C
struct with a field named "type", x._type accesses the field.
C struct fields that cannot be expressed in Go, such as bit fields
or misaligned data, are omitted in the Go struct, replaced by
appropriate padding to reach the next field or the end of the struct.

)

// FileHeader describes a file within a ZIP file.
// See the [ZIP specification] for details.
//
// [ZIP specification]: https://support.pkware.com/pkzip/appnote
type FileHeader struct {
	// Name is the name of the file.
	//
	// It must be a relative path, not start with a drive letter (such as "C:"),
	// and must use forward slashes instead of back slashes. A trailing slash

# Vérifier strictement le Content-Type { #strict-content-type-checking }

Par défaut, FastAPI applique une vérification stricte de l’en-tête `Content-Type` pour les corps de requêtes JSON ; cela signifie que les requêtes JSON doivent inclure un en-tête `Content-Type` valide (par ex. `application/json`) pour que le corps soit analysé comme JSON.

## Risque CSRF { #csrf-risk }

# 严格的 Content-Type 检查 { #strict-content-type-checking }

默认情况下，FastAPI 对 JSON 请求体使用严格的 `Content-Type` 头检查。这意味着，JSON 请求必须包含有效的 `Content-Type` 头（例如 `application/json`），其请求体才会被按 JSON 解析。

## CSRF 风险 { #csrf-risk }

此默认行为在一个非常特定的场景下，可防御一类跨站请求伪造（CSRF）攻击。

这类攻击利用了浏览器的一个事实：当请求满足以下条件时，浏览器允许脚本在不进行任何 CORS 预检的情况下直接发送请求：

- 没有 `Content-Type` 头（例如使用 `fetch()` 携带 `Blob` 作为 body）
- 且不发送任何认证凭据。

这种攻击主要在以下情况下相关：

- 应用在本地（如 `localhost`）或内网中运行

# Строгая проверка HTTP-заголовка Content-Type { #strict-content-type-checking }

По умолчанию **FastAPI** использует строгую проверку HTTP-заголовка `Content-Type` для JSON-тел запросов. Это означает, что JSON-запросы должны включать корректный заголовок `Content-Type` (например, `application/json`), чтобы тело запроса было обработано как JSON.

## Риск CSRF { #csrf-risk }

# Chequeo estricto de Content-Type { #strict-content-type-checking }

Por defecto, **FastAPI** usa un chequeo estricto del header `Content-Type` para request bodies JSON, esto significa que las requests JSON deben incluir un header `Content-Type` válido (p. ej. `application/json`) para que el request body se parse como JSON.

## Riesgo de CSRF { #csrf-risk }

# Strict Content-Type Checking { #strict-content-type-checking }

By default, **FastAPI** uses strict `Content-Type` header checking for JSON request bodies, this means that JSON requests **must** include a valid `Content-Type` header (e.g. `application/json`) in order for the body to be parsed as JSON.

## CSRF Risk { #csrf-risk }

This default behavior provides protection against a class of **Cross-Site Request Forgery (CSRF)** attacks in a very specific scenario.

# Sıkı Content-Type Kontrolü { #strict-content-type-checking }

Varsayılan olarak FastAPI, JSON request body'leri için sıkı Content-Type header kontrolü uygular. Bu, JSON request'lerin body'lerinin JSON olarak parse edilebilmesi için geçerli bir Content-Type header'ı (örn. application/json) içermesi gerektiği anlamına gelir.

## CSRF Riski { #csrf-risk }

		Strings:  StringsSlice{"a", "b", "c"},
		Structs: StructsSlice{
			{"name1", "value1"},
			{"name2", "value2"},
		},
		Role:             Role{Name: "admin"},
		ExampleStruct:    ExampleStruct{"name", "value1"},
		ExampleStructPtr: &ExampleStruct{"name", "value2"},
	}

	if err := DB.Create(&data).Error; err != nil {
		t.Fatalf("No error should happened when create scanner valuer struct, but got %v", err)
	}

)

func TestEmbeddedStruct(t *testing.T) {
	type ReadOnly struct {
		ReadOnly *bool
	}

	type BasePost struct {
		Id    int64
		Title string
		URL   string
		ReadOnly
	}

	type Author struct {
		ID    string
		Name  string
		Email string
	}

	type HNPost struct {
		BasePost
		Author  `gorm:"EmbeddedPrefix:user_"` // Embedded struct
		Upvotes int32
	}

	type EngadgetPost struct {