Todos os esquemas de seguranças definidos no OpenAPI, incluindo:

* HTTP Basic.
* **OAuth2** (também com **tokens JWT**). Confira o tutorial em [OAuth2 com JWT](tutorial/security/oauth2-jwt.md).
* Chaves de API em:
    * Headers.
    * parâmetros da Query.
    * Cookies etc.

Além disso, todos os recursos de segurança do Starlette (incluindo **cookies de sessão**).

* When CORS Handler is enabled, we now add a new HTTP header named "Access-Control-Expose-Headers" with a value of "Date". This allows the "Date" HTTP header to be accessed from XHR/JavaScript. ([#33242](https://github.com/kubernetes/kubernetes/pull/33242), [@dims](https://github.com/dims))

The Go code can then refer to types such as C.size_t, variables such
as C.stdout, or functions such as C.putchar.

If the import of "C" is immediately preceded by a comment, that
comment, called the preamble, is used as a header when compiling
the C parts of the package. For example:

	// #include <stdio.h>
	// #include <errno.h>
	import "C"

The preamble may contain any C code, including function and variable

                When `True` (the default), requests with a body that do not include
                a `Content-Type` header will **not** be parsed as JSON.

                This prevents potential cross-site request forgery (CSRF) attacks
                that exploit the browser's ability to send requests without a
                Content-Type header, bypassing CORS preflight checks. In particular

# ========================================================================================
# Framework Default
# =================
# ----------------------------------------------------------
# Lasta Taglib
# ------------
errors.header = <ul class="has-error">
errors.footer = </ul>
errors.prefix = <li><i class="fa fa-exclamation-circle"></i>
errors.suffix = </li>
# ----------------------------------------------------------
# Javax Validator

        final String contentType = request.getHeader("Content-Type");
        if (StringUtil.isNotEmpty(contentType)) {
            curlRequest.header("Content-Type", contentType);
        }

        request.getParameterMap().entrySet().stream().forEach(entry -> {
            if (entry.getValue().length > 1) {

  for (i in 0 until length) {
    val c = this[i]
    if (c <= '\u001f' || c >= '\u007f') {
      return i
    }
  }
  return -1
}

/** Returns true if we should void putting this this header in an exception or toString(). */
internal fun isSensitiveHeader(name: String): Boolean =
  name.equals("Authorization", ignoreCase = true) ||
    name.equals("Cookie", ignoreCase = true) ||

        // Manually build the expected NTLMv2 blob (same as production code)
        int avPairsLength = avPairs.length;
        byte[] blob = new byte[28 + avPairsLength + 4];
        Encdec.enc_uint32le(0x00000101, blob, 0); // Header
        Encdec.enc_uint32le(0x00000000, blob, 4); // Reserved
        Encdec.enc_uint64le(nanos1601, blob, 8);
        System.arraycopy(clientChallenge, 0, blob, 16, 8);

      encodings[codePoint] = encoding
    }
  }

  fun nonPrintableAscii(encoding: Encoding) =
    apply {
      encodings[0x0] = encoding // Null character
      encodings[0x1] = encoding // Start of Header
      encodings[0x2] = encoding // Start of Text
      encodings[0x3] = encoding // End of Text
      encodings[0x4] = encoding // End of Transmission
      encodings[0x5] = encoding // Enquiry

        // DACL at offset 20
        securityDescriptorBytes[16] = 20;
        securityDescriptorBytes[17] = 0;
        securityDescriptorBytes[18] = 0;
        securityDescriptorBytes[19] = 0;

        // DACL header at offset 20
        securityDescriptorBytes[20] = 2; // ACL revision
        securityDescriptorBytes[21] = 0; // sbz1
        securityDescriptorBytes[22] = 8; // ACL size (low byte)