return messWith("crc32-not-streamed.zip", func(b []byte) {
		// Corrupt foo.txt's final crc32 byte, in both
		// the file header and TOC. (0x7e -> 0x7f)
		b[0x11]++
		b[0x9d]++

		// TODO(bradfitz): add a new test that only corrupts
		// one of these values, and verify that that's also an
		// error. Currently, the reader code doesn't verify the
		// fileheader and TOC's crc32 match if they're both

}

// GetObjectNInfo - returns object info and an object
// Read(Closer). When err != nil, the returned reader is always nil.
func (er erasureObjects) GetObjectNInfo(ctx context.Context, bucket, object string, rs *HTTPRangeSpec, h http.Header, opts ObjectOptions) (gr *GetObjectReader, err error) {
	if !opts.NoAuditLog {
		auditObjectErasureSet(ctx, "GetObject", object, &er)
	}

	if err != nil {
		return
	}

	outbuf := bytes.NewBuffer(nil)
	objectKey := crypto.GenerateKey(key.Plaintext, rand.Reader)
	sealedKey := objectKey.Seal(key.Plaintext, crypto.GenerateIV(rand.Reader), crypto.S3.String(), bucket, "")
	crypto.S3.CreateMetadata(metadata, key.KeyID, key.Ciphertext, sealedKey)

01BC          ; mapped                 ; 01BD          # 1.1  LATIN CAPITAL LETTER TONE FIVE
01BD..01C3    ; valid                                  # 1.1  LATIN SMALL LETTER TONE FIVE..LATIN LETTER RETROFLEX CLICK
01C4..01C6    ; mapped                 ; 0064 017E     # 1.1  LATIN CAPITAL LETTER DZ WITH CARON..LATIN SMALL LETTER DZ WITH CARON

    }

    /**
     * Writes no-cache headers to the response.
     *
     * @param response the stream response
     * @param responseData the response data
     */
    protected void writeNoCache(final StreamResponse response, final ResponseData responseData) {
        response.header("Pragma", "no-cache");
        response.header("Cache-Control", "no-cache");
        response.header("Expires", "Thu, 01 Dec 1994 16:00:00 GMT");

<img src="/img/tutorial/security/image10.png">

/// note | Hinweis

Beachten Sie den Header `Authorization` mit einem Wert, der mit `Bearer` beginnt.

///

## Fortgeschrittene Verwendung mit `scopes`

OAuth2 hat ein Konzept von <abbr title="Geltungsbereiche">„Scopes“</abbr>.

<img src="/img/tutorial/security/image10.png">

/// note | Nota

Observa el header `Authorization`, con un valor que comienza con `Bearer `.

///

## Uso avanzado con `scopes`

OAuth2 tiene la noción de "scopes".

Puedes usarlos para agregar un conjunto específico de permisos a un token JWT.

// has been used.
// The returned reader contains the payload.
func waitForHTTPResponse(respBody io.Reader) (io.Reader, error) {
	reader := bufio.NewReader(respBody)
	for {
		b, err := reader.ReadByte()
		if err != nil {
			return nil, err
		}
		// Check if we have a response ready or a filler byte.
		switch b {
		case 0:
			return reader, nil
		case 1:
			errorText, err := io.ReadAll(reader)

    The upcoming Android Studio runs in a JVM but has classes from Android and that confused OkHttp!

 *  Fix: Include the header `Accept: text/event-stream` for SSE calls. This header is not added if
    the request already contains an `Accept` header.

 *  Fix: Don't crash with a `NullPointerException` if a server sends a close while we're sending a
    ping. OkHttp had a race condition bug.

					case !strict && ver.header.matchesNotStrict(latest.header):
						latestCount++
					default:
						latestCount = 1
					}
					latest = ver
					continue
				}

				// Mismatch, but older.
				if latestCount > 0 && !strict && ver.header.matchesNotStrict(latest.header) {
					latestCount++
					continue
				}
				if latestCount > 0 && ver.header.VersionID == latest.header.VersionID {