1024</code>, assembly code can refer to the value of this constant
as <code>const_bufSize</code>.
</p>

<p>
Field offsets are of the form <code><i>type</i>_<i>field</i></code>.
Struct sizes are of the form <code><i>type</i>__size</code>.
For example, consider the following Go definition:
</p>

<pre>
type reader struct {
	buf [bufSize]byte
	r   int
}
</pre>

<p>

> and you can rely on it after doing initial sanity check and targeted local testing.

### Copyright and License

When updating/modifying a file, please do not make changes to the copyright header.

When creating a new file, please make sure to add a header as defined below.

#### Required Files for Copyright Headers:

- Source code files (e.g., `.java`, `.kt`, `.groovy`).
- Documentation files, where applicable (e.g., `.adoc`, `.md`).

    /** The path of the HTML: /footer.jsp */
    HtmlNext path_FooterJsp = new HtmlNext("/footer.jsp");

    /** The path of the HTML: /header.jsp */
    HtmlNext path_HeaderJsp = new HtmlNext("/header.jsp");

    /** The path of the HTML: /help.jsp */
    HtmlNext path_HelpJsp = new HtmlNext("/help.jsp");

    /** The path of the HTML: /index.jsp */

    }
  }

  /**
   * Tests that bitSize() can be used to predict the serialization size produced by writeTo().
   *
   * <p>The serialization format consists of a 6-byte header (1 byte strategy, 1 byte hash
   * functions, 4 bytes array length) followed by the bit array data (bitSize / 8 bytes).
   */
  public void testBitSizeMatchesSerializationSize() throws Exception {

marker replication can be viewed by doing a GET/HEAD on the object version - it will return a `X-Minio-Replication-DeleteMarker-Status` header and http response code of `405`. In the case of permanent deletes, if the delete replication is pending or failed to propagate to the target cluster, GET/HEAD will return additional `X-Minio-Replication-Delete-Status` header and a http response code of `405`.

![delete](https://raw.githubusercontent.com/minio/minio/master/docs/bucket/replication/D...

為了達成這點，`:80` 的後端必須有一份「允許的來源」清單。

在此情況下，該清單必須包含 `http://localhost:8080`，` :8080` 的前端才能正確運作。

## 萬用字元 { #wildcards }

也可以將清單宣告為 `"*"`（「wildcard」萬用字元），表示全部都允許。

但那只會允許某些類型的通訊，凡是涉及憑證（credentials）的都會被排除：例如 Cookie、Authorization 標頭（像 Bearer Token 會用到的）等。

因此，為了讓一切正常運作，最好明確指定被允許的來源。

## 使用 `CORSMiddleware` { #use-corsmiddleware }

你可以在 **FastAPI** 應用程式中使用 `CORSMiddleware` 來設定：

* 匯入 `CORSMiddleware`。
* 建立允許的來源清單（字串）。

    we ignored the problem at request-building time, only to crash later with a
    `NullPointerException`.
 *  Fix: Include a backwards-compatible `OkHttp-Response-Source` header with
    `OkUrlFactory `responses.
 *  Fix: Don't include a default User-Agent header in requests made with the Call
    API. Requests made with OkUrlFactory will continue to have a default user
    agent.
 *  New: Guava-like API to create headers:

          # The "digest" that allows us to pull an image is not the digest as
          # returned by the API, but a sha256sum of the entire chunk of image
          # metadata. gcr.io helpfully includes it in the header of the response
          # as docker-content-digest: sha256:[digest]. Note we use egrep to
          # match exactly sha256:<hash> because curl may include a ^M symbol at
          # the end of the line.

  /**
   * Returns a new {@link ByteArrayDataInput} instance to read from the {@code bytes} array,
   * starting at the given position.
   *
   * @throws IndexOutOfBoundsException if {@code start} is negative or greater than the length of
   *     the array
   */
  @J2ktIncompatible
  public static ByteArrayDataInput newDataInput(byte[] bytes, int start) {
    checkPositionIndex(start, bytes.length);

# パスワード（およびハッシュ化）によるOAuth2、JWTトークンによるBearer { #oauth2-with-password-and-hashing-bearer-with-jwt-tokens }

これでセキュリティの流れが全てわかったので、<abbr title="JSON Web Tokens - JSON Web Token">JWT</abbr>トークンと安全なパスワードのハッシュ化を使用して、実際にアプリケーションを安全にしてみましょう。

このコードは、アプリケーションで実際に使用したり、パスワードハッシュをデータベースに保存するといった用途に利用できます。

本章では、前章の続きから始めて、コードをアップデートしていきます。

## JWT について { #about-jwt }

JWTとは「JSON Web Tokens」の略称です。

JSONオブジェクトをスペースのない長く密集した文字列で表現したトークンの仕様です。例えば次のようになります：