assert response.headers["WWW-Authenticate"] == "Bearer"


def test_token(client: TestClient):
    response = client.get("/items", headers={"Authorization": "Bearer testtoken"})
    assert response.status_code == 200, response.text
    assert response.json() == {"token": "testtoken"}


def test_incorrect_token(client: TestClient):
    response = client.get("/items", headers={"Authorization": "Notexistent testtoken"})

    assertThat(recorded.headers["Accept"]).isEqualTo("text/plain")
    assertThat(recorded.headers["Accept-Encoding"]).isNull() // No built-in gzip.
    assertThat(recorded.headers["Connection"]).isEqualTo("Upgrade, HTTP2-Settings")
    if (PlatformVersion.majorVersion < 19) {
      assertThat(recorded.headers["Content-Length"]).isEqualTo("0")
    }
    assertThat(recorded.headers["HTTP2-Settings"]).isNotNull()

    @Override public Response intercept(Chain chain) throws IOException {
      Request request = chain.request();
      Headers newHeaders = request.headers()
          .newBuilder()
          .add("Date", new Date())
          .build();
      Request newRequest = request.newBuilder()
          .headers(newHeaders)
          .build();
      return chain.proceed(newRequest);
    }
  }

  }
});
```

**Warning**: The logs generated by this interceptor when using the `HEADERS` or `BODY` levels have
the potential to leak sensitive information such as "Authorization" or "Cookie" headers and the
contents of request and response bodies. This data should only be logged in a controlled way or in
a non-production environment.

You can redact headers that may contain sensitive information by calling `redactHeader()`.
```java

    assertThat(request.headers[":scheme"]).isEqualTo(scheme)
    assertThat(request.headers[":authority"]).isEqualTo(
      server.hostName + ":" + server.port,
    )
    val pushedRequest = server.takeRequest()
    assertThat(pushedRequest.requestLine).isEqualTo("GET /foo/bar HTTP/2")
    assertThat(pushedRequest.headers["foo"]).isEqualTo("bar")
  }

  @Test

* `allow_headers` - Una lista de headers de request HTTP que deberían estar soportados para requests cross-origin. Por defecto es `[]`. Puedes usar `['*']` para permitir todos los headers. Los headers `Accept`, `Accept-Language`, `Content-Language` y `Content-Type` siempre están permitidos para <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests"...

def test_security_http_basic_invalid_credentials():
    response = client.get(
        "/users/me", headers={"Authorization": "Basic notabase64token"}
    )
    assert response.status_code == 401, response.text
    assert response.headers["WWW-Authenticate"] == "Basic"
    assert response.json() == {"detail": "Not authenticated"}


def test_security_http_basic_non_basic_credentials():

  const val FLAG_ACK = 0x1 // Used for settings and ping.
  const val FLAG_END_STREAM = 0x1 // Used for headers and data.
  const val FLAG_END_HEADERS = 0x4 // Used for headers and continuation.
  const val FLAG_END_PUSH_PROMISE = 0x4
  const val FLAG_PADDED = 0x8 // Used for headers and data.
  const val FLAG_PRIORITY = 0x20 // Used for headers.
  const val FLAG_COMPRESSED = 0x20 // Used for data.

  /** Lookup table for valid frame types. */

        "/items/",
        content='{"name": "Foo", "price": 50.5}',
        headers={"Content-Type": "application/json"},
    )
    assert response.status_code == 200, response.text


def test_geo_json(client: TestClient):
    response = client.post(
        "/items/",
        content='{"name": "Foo", "price": 50.5}',
        headers={"Content-Type": "application/geo+json"},
    )

 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package okhttp3.internal.http1

import okhttp3.Headers
import okio.BufferedSource

/**
 * Parse all headers delimited by "\r\n" until an empty line. This throws if headers exceed 256 KiB.
 */
class HeadersReader(
  val source: BufferedSource,
) {
  private var headerLimit = HEADER_LIMIT.toLong()