Your API now has the power to control its own <dfn title="This is a joke, just in case. It has nothing to do with cookie consents, but it's funny that even the API can now reject the poor cookies. Have a cookie. 🍪">cookie consent</dfn>. 🤪🍪

You can use Pydantic's model configuration to `forbid` any `extra` fields:

{* ../../docs_src/cookie_param_models/tutorial002_an_py310.py hl[10] *}

     to extract, reuse, reproduce, and Share all or a substantial
     portion of the contents of the database;

  b. if You include all or a substantial portion of the database
     contents in a database in which You have Sui Generis Database
     Rights, then the database in which You have Sui Generis Database
     Rights (but not its individual contents) is Adapted Material; and

				"application/dita+xml;format=topic",
				"application/dita+xml;format=task",
				"application/dita+xml;format=concept",
				"application/dita+xml;format=val",
				"application/dns",
				"application/dvcs",
				"application/ecmascript",
				"application/edi-consent",
				"application/edi-x12",
				"application/edifact",
				"application/emma+xml",
				"application/epp+xml",

# Chequeo estricto de Content-Type { #strict-content-type-checking }

Por defecto, **FastAPI** usa un chequeo estricto del header `Content-Type` para request bodies JSON, esto significa que las requests JSON deben incluir un header `Content-Type` válido (p. ej. `application/json`) para que el request body se parse como JSON.

## Riesgo de CSRF { #csrf-risk }

# 严格的 Content-Type 检查 { #strict-content-type-checking }

默认情况下，FastAPI 对 JSON 请求体使用严格的 `Content-Type` 头检查。这意味着，JSON 请求必须包含有效的 `Content-Type` 头（例如 `application/json`），其请求体才会被按 JSON 解析。

## CSRF 风险 { #csrf-risk }

此默认行为在一个非常特定的场景下，可防御一类跨站请求伪造（CSRF）攻击。

这类攻击利用了浏览器的一个事实：当请求满足以下条件时，浏览器允许脚本在不进行任何 CORS 预检的情况下直接发送请求：

- 没有 `Content-Type` 头（例如使用 `fetch()` 携带 `Blob` 作为 body）
- 且不发送任何认证凭据。

这种攻击主要在以下情况下相关：

- 应用在本地（如 `localhost`）或内网中运行

# Строгая проверка HTTP-заголовка Content-Type { #strict-content-type-checking }

По умолчанию **FastAPI** использует строгую проверку HTTP-заголовка `Content-Type` для JSON-тел запросов. Это означает, что JSON-запросы должны включать корректный заголовок `Content-Type` (например, `application/json`), чтобы тело запроса было обработано как JSON.

## Риск CSRF { #csrf-risk }

'Â¥MTimeÓ ¿W '’žÉ§MetaSys ¼X-Minio-Internal-actual-sizeÄ 141250§MetaUsr‚¤etagÙ"51fe09d68bacc8c5a68a-1¬content-type¸application/octet-streamÎöa‰ 10/xl.meta XL2 Æ b ¨Versions‘‚¤Type ¥V2ObjÞ ¢IDÄ ¤DDirÄ ÔLã°ê8EÒŸˆ”Ù Sé6¦EcAlgo £EcM £EcN §EcBSizeÒ §EcIndex ¦EcDistš ¨CSumAlgo ¨PartNums‘ ©PartETags‘ ©PartSizes‘Ò 'ªPartASizes‘Ò '¤SizeÒ 'Â¥MTimeÓ ¿W '’žÉ§MetaSys ¼X-Minio-Internal-actual-sizeÄ 141250§MetaUsr‚¬content-type¸application/octet-stream¤etagÙ"51fe09d68bacc8c5a68a-1Îøù{~ 2/xl.meta XL2 Æ b ¨Versions‘‚¤Type...

name: Comment on a closed issue

on:
  issue_comment:
    types: [created]

jobs:
  reconsider_closed_issue:
    runs-on: ubuntu-latest
    permissions:
      issues: write
    steps:

package kms

import (
	"bytes"
	"sort"
	"unicode/utf8"
)

// Context is a set of key-value pairs that
// are associated with a generate data encryption
// key (DEK).
//
// A KMS implementation may bind the context to the
// generated DEK such that the same context must be
// provided when decrypting an encrypted DEK.
type Context map[string]string

// MarshalText returns a canonical text representation of

# Sıkı Content-Type Kontrolü { #strict-content-type-checking }

Varsayılan olarak FastAPI, JSON request body'leri için sıkı Content-Type header kontrolü uygular. Bu, JSON request'lerin body'lerinin JSON olarak parse edilebilmesi için geçerli bir Content-Type header'ı (örn. application/json) içermesi gerektiği anlamına gelir.

## CSRF Riski { #csrf-risk }