response = client.get("/users/me", headers={"key": "secret"})
    assert response.status_code == 200, response.text
    assert response.json() == {"username": "secret"}


def test_security_api_key_no_key():
    response = client.get("/users/me")
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Not authenticated"}
    assert response.headers["WWW-Authenticate"] == "APIKey"

	// Copy request.
	req := *r

	// Save authorization header.
	v4Auth := req.Header.Get(xhttp.Authorization)

	// Parse signature version '4' header.
	signV4Values, errCode := parseSignV4(v4Auth, globalSite.Region(), serviceS3)
	if errCode != ErrNone {
		return cred, "", "", time.Time{}, errCode
	}

			}
		case crypto.S3:
			w.Header().Set(xhttp.AmzServerSideEncryption, xhttp.AmzEncryptionAES)
			etag, _ = DecryptETag(objectEncryptionKey, ObjectInfo{ETag: etag})
		case crypto.SSEC:
			w.Header().Set(xhttp.AmzServerSideEncryptionCustomerAlgorithm, r.Header.Get(xhttp.AmzServerSideEncryptionCustomerAlgorithm))
			w.Header().Set(xhttp.AmzServerSideEncryptionCustomerKeyMD5, r.Header.Get(xhttp.AmzServerSideEncryptionCustomerKeyMD5))

        headers = Headers.headersOf("content-type", "application/json"),
      ),
    )
    server.enqueue(
      MockResponse(
        body =
          """
          |data: hey
          |
          |
          """.trimMargin(),
        headers = Headers.headersOf("content-type", "text/event-stream"),
      ),
    )

					Method:   r.Method,
					RawQuery: redactLDAPPwd(r.URL.RawQuery),
					Client:   handlers.GetSourceIP(r),
					Headers:  reqHeaders,
					Path:     reqPath,
					Body:     reqRecorder.Data(),
				},
				RespInfo: madmin.TraceResponseInfo{
					Time:       reqEndTime,
					Headers:    respRecorder.Header().Clone(),
					StatusCode: respRecorder.StatusCode,
					Body:       respRecorder.Body(),
				},

        Request(
          url = "https://url-host.com:${server.port}/".toHttpUrl(),
          headers = headersOf("Host", "header-host"),
        ),
      )
    val response = call.execute()
    assertThat(response.isSuccessful).isTrue()

    val recordedRequest = server.takeRequest()
    assertThat(recordedRequest.url.host).isEqualTo("header-host")

    // https://github.com/bcgit/bc-java/issues/1773

// https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
// Returns ErrInvalidChecksum if a problem with the checksum is found.
func (r *Reader) AddChecksumNoTrailer(headers http.Header, ignoreValue bool) error {
	cs, err := GetContentChecksum(headers)
	if err != nil {
		return ErrInvalidChecksum
	}
	if cs == nil {
		return nil
	}
	r.contentHash = *cs
	return r.AddNonTrailingChecksum(cs, ignoreValue)
}

        // Mock getHeaderFields to return our headers
        Map<String, List<String>> allHeaders = headers != null ? new HashMap<>(headers) : new HashMap<>();
        allHeaders.put(null, Collections.singletonList(statusLine)); // Status line
        when(conn.getHeaderFields()).thenReturn(allHeaders);

        // Mock individual header access by both string key and index
        if (headers != null) {
            // Mock by header name

  /** Identifies which member in the ASN.1 schema the field holds. */
  var tag: Long,
  /**
   * If the constructed bit is set it indicates that the value is composed of other values that have
   * their own headers.
   *
   * This value is encoded in bit 6 of the first byte of each value.
   *
   * ```
   * 0bxx0xxxxx Primitive
   * 0bxx1xxxxx Constructed
   * ```
   */
  var constructed: Boolean,

}

// Apply applies the SSE bucket configuration on the given HTTP headers and
// sets the specified SSE headers.
//
// Apply does not overwrite any existing SSE headers. Further, it will
// set minimal SSE-KMS headers if autoEncrypt is true and the BucketSSEConfig
// is nil.
func (b *BucketSSEConfig) Apply(headers http.Header, opts ApplyOptions) {
	if crypto.Requested(headers) {
		return
	}
	if b == nil {
		if opts.AutoEncrypt {