}

  /**
   * We delay sending the last byte of the request body 1500 ms. The 1000 ms read timeout should
   * only elapse 1000 ms after the request body is sent.
   */
  @Test
  fun headersReadTimeoutDoesNotStartUntilLastRequestBodyByteFire() {
    enableProtocol(Protocol.HTTP_2)
    server.enqueue(
      MockResponse
        .Builder()

   */
  public val handshake: Handshake?,
  /**
   * Returns the name of the server the client requested via the SNI (Server Name Indication)
   * attribute in the TLS handshake. Unlike the rest of the HTTP exchange, this name is sent in
   * cleartext and may be monitored or blocked by a proxy or other middlebox.
   */
  public val handshakeServerNames: List<String>,
  /** A string like `GET` or `POST`. */
  public val method: String,
  /**

	return nil
}

// Step takes a string provided from a server (or just an empty string for the
// very first conversation step) and attempts to move the authentication
// conversation forward.  It returns a string to be sent to the server or an
// error if the server message is invalid.  Calling Step after a conversation
// completes is also an error.
func (x *XDGSCRAMClient) Step(challenge string) (response string, err error) {

        try {
          response = realChain.proceed(request)
          newRoutePlanner = true
        } catch (e: IOException) {
          // An attempt to communicate with a server failed. The request may have been sent.
          val isRecoverable = recover(e, call, request)
          call.eventListener.retryDecision(call, e, isRecoverable)
          if (!isRecoverable) throw e.withSuppressed(recoveredFailures)
          recoveredFailures += e

//
// returns ErrNone if matches. S3 errors otherwise.
func doesPresignV2SignatureMatch(r *http.Request) APIErrorCode {
	// r.RequestURI will have raw encoded URI as sent by the client.
	tokens := strings.SplitN(r.RequestURI, "?", 2)
	encodedResource := tokens[0]
	encodedQuery := ""
	if len(tokens) == 2 {
		encodedQuery = tokens[1]
	}

	var (
		filteredQueries []string

* `www_redirect` - If set to True, requests to non-www versions of the allowed hosts will be redirected to their www counterparts. Defaults to `True`.

If an incoming request does not validate correctly then a `400` response will be sent.

## `GZipMiddleware` { #gzipmiddleware }

Handles GZip responses for any request that includes `"gzip"` in the `Accept-Encoding` header.

The middleware will handle both standard and streaming responses.

			}
			return err
		}
	}

	eventData, eErr := target.store.Get(key)
	if eErr != nil {
		// The last event key in a successful batch will be sent in the channel atmost once by the replayEvents()
		// Such events will not exist and wouldve been already been sent successfully.
		if os.IsNotExist(eErr) {
			return nil
		}
		return eErr
	}

	if err := target.send(eventData); err != nil {
		if IsConnErr(err) {

    private void setStatus(ServerMessageBlock2 smb, int status) throws Exception {
        Field statusField = ServerMessageBlock2.class.getDeclaredField("status");
        statusField.setAccessible(true);
        statusField.setInt(smb, status);
    }

    private void setAsync(ServerMessageBlock2 smb, boolean async) throws Exception {
        Field asyncField = ServerMessageBlock2.class.getDeclaredField("async");

  "full_name": "John Doe",
  "disabled": false
}
```

<img src="/img/tutorial/security/image09.png">

If you open the developer tools, you could see how the data sent only includes the token, the password is only sent in the first request to authenticate the user and get that access token, but not afterwards:

<img src="/img/tutorial/security/image10.png">

/// note

### Update a Hero with `HeroUpdate` { #update-a-hero-with-heroupdate }

We can **update a hero**. For this we use an HTTP `PATCH` operation.

And in the code, we get a `dict` with all the data sent by the client, **only the data sent by the client**, excluding any values that would be there just for being the default values. To do it we use `exclude_unset=True`. This is the main trick. 🪄