type: object
                    rewrite:
                      description: Rewrite HTTP URIs and Authority headers.
                      properties:
                        authority:
                          description: rewrite the Authority/Host header with this
                            value.
                          type: string
                        uri:

HBONE is just a standard HTTP `CONNECT` tunnel, over mutual TLS with mesh (SPIFFE) certificates, on a well known port (15008).
The target destination address is set in the `:authority` header, and additional headers can be included as well.
Currently, only HTTP/2 is supported, though HTTP/1.1 and HTTP/3 are planned.

Currently, SNI is not set by Istio clients and ignored by Istio servers.

                      type: object
                    rewrite:
                      description: Rewrite HTTP URIs and Authority headers.
                      properties:
                        authority:
                          description: rewrite the Authority/Host header with this
                            value.
                          type: string
                        uri:

   *
   * @param streamId client-initiated stream ID.  Must be an odd number.
   * @param promisedStreamId server-initiated stream ID.  Must be an even number.
   * @param requestHeaders minimally includes `:method`, `:scheme`, `:authority`, and `:path`.
   */
  @Throws(IOException::class)
  fun pushPromise(
    streamId: Int,
    promisedStreamId: Int,
    requestHeaders: List<Header>,
  ) {
    this.withLock {

    val expectedRequestHeaders =
      listOf(
        Header(Header.TARGET_METHOD, "GET"),
        Header(Header.TARGET_SCHEME, "https"),
        Header(Header.TARGET_AUTHORITY, "squareup.com"),
        Header(Header.TARGET_PATH, "/cached"),
      )
    peer.sendFrame().pushPromise(3, 2, expectedRequestHeaders)
    val expectedResponseHeaders =
      listOf(

	}
	return strings.Join(matches, ", ")
}

func renderMatch(match *v1alpha3.HTTPMatchRequest) string {
	retval := "Match: "
	// TODO Are users interested in seeing Scheme, Method, Authority?
	if match.Uri != nil {
		retval += renderStringMatch(match.Uri)

		if match.IgnoreUriCase {
			retval += " uncased"
		}
	}

	if len(match.Headers) > 0 {
		headerConds := []string{}

  - The requested name did not match the set of authorized names (`x509.HostnameError`)
  - The error surfaced after attempting a connection contained one of the substrings: "certificate is not trusted" or "certificate signed by unknown authority". ([#120736](https://github.com/kubernetes/kubernetes/pull/120736), [@MadhavJivrajani](https://github.com/MadhavJivrajani))

le","value":"off"},{"key":"address","value":""},{"key":"subject","value":""},{"key":"username","value":""},{"key":"password","value":""},{"key":"token","value":""},{"key":"tls","value":"off"},{"key":"tls_skip_verify","value":"off"},{"key":"cert_authority","value":""},{"key":"client_cert","value":""},{"key":"client_key","value":""},{"key":"ping_interval","value":"0"},{"key":"jetstream","value":"off"},{"key":"streaming","value":"off"},{"key":"streaming_async","value":"off"},{"key":"streaming_max_p...

You'll see the user interface like:

<img src="/img/tutorial/security/image07.png">

Authorize the application the same way as before.

Using the credentials:

Username: `johndoe`
Password: `secret`

!!! check

次のインタラクティブなドキュメントにアクセスしてください: <a href="http://127.0.0.1:8000/docs" class="external-link" target="_blank">http://127.0.0.1:8000/docs</a>。

下記のように見えるでしょう:

<img src="/img/tutorial/security/image01.png">

!!! check "Authorizeボタン!"
    すでにピカピカの新しい「Authorize」ボタンがあります。

    そして、あなたの*path operation*には、右上にクリックできる小さな鍵アイコンがあります。

それをクリックすると、`ユーザー名`と`パスワード` (およびその他のオプションフィールド) を入力する小さな認証フォームが表示されます:

<img src="/img/tutorial/security/image02.png">