if err != nil {
		writeErrorResponseHeadersOnly(w, toAPIError(ctx, err))
		return
	}
	opts.WantChecksum = checksum

	fanOutOpts := fanOutOptions{Checksum: checksum}
	if crypto.Requested(formValues) {
		if crypto.SSECopy.IsRequested(r.Header) {
			writeErrorResponse(ctx, w, toAPIError(ctx, errInvalidEncryptionParameters), r.URL)
			return
		}

 *  New: Connection coalescing. OkHttp may reuse HTTP/2 connections across calls that share an IP
    address and HTTPS certificate, even if their domain names are different.
 *  New: MockWebServer's `RecordedRequest` exposes the requested `HttpUrl` with `getRequestUrl()`.


## Version 3.6.0

_2017-01-29_

 *  Fix: Don't crash with a "cache is closed" error when there is an error initializing the cache.

- Kube-log-runner: rotating log output into a new file when reaching a certain file size can be requested via the new `-log-file-size` parameter. `-log-file-age` enables automatical removal of old output files.  Periodic flushing can be requested through ` -flush-interval`. ([#127667](https://github.com/kubernetes/kubernetes/pull/127667), [@zylxjtu](https://github.com/zylxjtu)) [SIG API Machinery, Apps, Architecture, Auth,...

        }
        return (this.tconHostName == null || hostName.equalsIgnoreCase(this.tconHostName)) && addr.equals(this.address)
                && (prt == 0 || prt == this.port ||
                /* port 139 is ok if 445 was requested */
                        prt == 445 && this.port == 139)
                && (laddr == this.localAddr || laddr != null && laddr.equals(this.localAddr)) && lprt == this.localPort;
    }

        throw error!!
      }
    }
  }

  /**
   * We don't know if the connection will support HTTP/2 until after we've connected. When multiple
   * connections are requested concurrently OkHttp will pessimistically connect multiple times, then
   * close any unnecessary connections. This test confirms that behavior works as intended.
   *

end:function(e,t){var n,r=i.xhr();if(r.open(i.type,i.url,i.async,i.username,i.password),i.xhrFields)for(n in i.xhrFields)r[n]=i.xhrFields[n];for(n in i.mimeType&&r.overrideMimeType&&r.overrideMimeType(i.mimeType),i.crossDomain||e["X-Requested-With"]||(e["X-Requested-With"]="XMLHttpRequest"),e)r.setRequestHeader(n,e[n]);o=function(e){return function(){o&&(o=a=r.onload=r.onerror=r.onabort=r.ontimeout=r.onreadystatechange=null,"abort"===e?r.abort():"error"===e?"number"!=typeof r.status?t(0,"error")...

			return auth.Credentials{}, time.Time{}, err
		}
		if len(policyBuf) > maxSVCSessionPolicySize {
			return auth.Credentials{}, time.Time{}, errSessionPolicyTooLarge
		}
	}

	// found newly requested service account, to be same as
	// parentUser, reject such operations.
	if parentUser == opts.accessKey {
		return auth.Credentials{}, time.Time{}, errIAMActionNotAllowed
	}

- If a container's requested device plugin resource hasn't registered after Kubelet restart, the container start will now fail.([#67145](https://github.com/kubernetes/kubernetes/pull/67145), [@jiayingz](https://github.com/jiayingz))

* Add 'X-Content-Type-Options: nosniff" to some error messages ([#37190](https://github.com/kubernetes/kubernetes/pull/37190), [@brendandburns](https://github.com/brendandburns))
* Fixes bug in resolving client-requested API versions ([#38533](https://github.com/kubernetes/kubernetes/pull/38533), [@DirectXMan12](https://github.com/DirectXMan12))

api.cors.allow.methods=GET, POST, OPTIONS, DELETE, PUT
# Max age for CORS preflight requests.
api.cors.max.age=3600
# Allowed headers for CORS.
api.cors.allow.headers=Origin, Content-Type, Accept, Authorization, X-Requested-With
# Whether to allow credentials for CORS.
api.cors.allow.credentials=true
# Whether to enable JSONP for API.
api.jsonp.enabled=false
# Fields for API ping to search engine.