referrerPolicy := env.Get(EnvBrowserReferrerPolicy, kvs.GetWithDefault(browserReferrerPolicy, DefaultKVS))
	switch referrerPolicy {
	case "no-referrer", "no-referrer-when-downgrade", "origin", "origin-when-cross-origin", "same-origin", "strict-origin", "strict-origin-when-cross-origin", "unsafe-url":
		cfg.ReferrerPolicy = referrerPolicy
	default:
		return cfg, fmt.Errorf("invalid value %v for %s", referrerPolicy, browserReferrerPolicy)
	}

The following arguments are supported:

* `allow_origins` - A list of origins that should be permitted to make cross-origin requests. E.g. `['https://example.org', 'https://www.example.org']`. You can use `['*']` to allow any origin.

    public void add(final String origin, final CorsHandler handler) {
        if (logger.isDebugEnabled()) {
            logger.debug("Loaded {}", origin);
        }
        handerMap.put(origin, handler);
    }

    public CorsHandler get(final String origin) {
        final CorsHandler handler = handerMap.get(origin);
        if (handler != null) {
            return handler;
        }

        final String origin = httpRequest.getHeader("Origin");
        if (StringUtil.isNotBlank(origin)) {
            if (logger.isDebugEnabled()) {
                logger.debug("HTTP Request: {}", httpRequest.getMethod());
            }
            final CorsHandlerFactory factory = ComponentUtil.getCorsHandlerFactory();
            final CorsHandler handler = factory.get(origin);
            if (handler != null) {

* `expose_headers` - 指示可以被浏览器访问的响应头。默认为 `[]`。
* `max_age` - 设定浏览器缓存 CORS 响应的最长时间，单位是秒。默认为 `600`。

中间件响应两种特定类型的 HTTP 请求……

### CORS 预检请求

这是些带有 `Origin` 和 `Access-Control-Request-Method` 请求头的 `OPTIONS` 请求。

在这种情况下，中间件将拦截传入的请求并进行响应，出于提供信息的目的返回一个使用了适当的 CORS headers 的 `200` 或 `400` 响应。

### 简单请求

    headers = {
        "Origin": "https://localhost.tiangolo.com",
        "Access-Control-Request-Method": "GET",
        "Access-Control-Request-Headers": "X-Example",
    }
    response = client.options("/", headers=headers)
    assert response.status_code == 200, response.text
    assert response.text == "OK"
    assert (
        response.headers["access-control-allow-origin"]
        == "https://localhost.tiangolo.com"

```
curl http://minio1:9001/minio/health/cluster
HTTP/1.1 503 Service Unavailable
Accept-Ranges: bytes
Content-Length: 0
Server: MinIO
Vary: Origin
X-Amz-Bucket-Region: us-east-1
X-Minio-Write-Quorum: 3
X-Amz-Request-Id: 16239D6AB80EBECF
X-Xss-Protection: 1; mode=block
Date: Tue, 21 Jul 2020 00:36:14 GMT
```

### Cluster-readable probe

)

# buildifier: disable=same-origin-load
load("@rules_python//python:repositories.bzl", "py_repositories")

py_repositories()

load("@rules_python//python:repositories.bzl", "python_register_multi_toolchains")  # buildifier: disable=same-origin-load
load("@rules_python//python/pip_install:repositories.bzl", "pip_install_dependencies")

        return super.getCallableSymbols(nameFilter).filter { it.origin == KtSymbolOrigin.DELEGATED }
    }

    override fun getCallableSymbols(names: Collection<Name>): Sequence<KtCallableSymbol> = withValidityAssertion {
        return super.getCallableSymbols(names).filter { it.origin == KtSymbolOrigin.DELEGATED }
    }

        # TF's CI runs 'git fetch origin "pull/PR#/merge:pull_branch"'
        # To get the as-merged branch during the CI tests
        git diff --diff-filter ACMRT --name-only pull_branch^ pull_branch > $BATS_FILE_TMPDIR/changed_files
    else
        # If the branch is not present, then diff against origin/master
        git diff --diff-filter ACMRT --name-only origin/master > $BATS_FILE_TMPDIR/changed_files
    fi
}