Podrías entonces actualizar `test_main.py` con las pruebas extendidas:

{* ../../docs_src/app_testing/app_b_an_py310/test_main.py *}

Cada vez que necesites que el cliente pase información en el request y no sepas cómo, puedes buscar (Googlear) cómo hacerlo en `httpx`, o incluso cómo hacerlo con `requests`, dado que el diseño de HTTPX está basado en el diseño de Requests.

Luego simplemente haces lo mismo en tus pruebas.

// error returned in IAM subsystem when groups doesn't exist.
var errNoSuchGroup = errors.New("Specified group does not exist")

// error returned in IAM subsystem when a policy attach/detach request has no
// net effect, i.e. it is already applied.
var errNoPolicyToAttachOrDetach = errors.New("Specified policy update has no net effect")

// error returned in IAM subsystem when a non-empty group needs to be
// deleted.

If the behavior is threatening or harassing, or for other reasons requires immediate escalation, please see below.

import java.net.SocketAddress
import java.net.URI
import java.net.UnknownHostException
import kotlin.test.assertFailsWith
import okhttp3.Address
import okhttp3.FakeDns
import okhttp3.OkHttpClientTestRule
import okhttp3.Request
import okhttp3.Route
import okhttp3.TestValueFactory
import okhttp3.internal.connection.RouteSelector.Companion.socketHost
import okhttp3.internal.http.RecordingProxySelector
import okhttp3.testing.PlatformRule

 * short}, {@code int}, {@code float}, {@code double}, and {@code long} values.
 *
 * <p><b>Note:</b> This class intentionally violates the specification of its supertype {@code
 * DataInput}, which explicitly requires big-endian byte order.
 *
 * @author Chris Nokleberg
 * @author Keith Bottner
 * @since 8.0
 */
@J2ktIncompatible
@GwtIncompatible

``` hl_lines="5"
.
├── app
│   ├── __init__.py
│   ├── main.py
│   └── test_main.py
```

Comme ce fichier se trouve dans le même package, vous pouvez utiliser des imports relatifs pour importer l’objet `app` depuis le module `main` (`main.py`) :

{* ../../docs_src/app_testing/app_a_py310/test_main.py hl[3] *}


… et avoir le code des tests comme précédemment.

## Tester : exemple étendu { #testing-extended-example }

            assertEquals(nameBytes[i], dst[12 + i]);
        }
        assertEquals((byte) 0x00, dst[12 + nameBytes.length]);
    }

    /**
     * read*WireFormat methods in request return 0 (not implemented for requests).
     */
    @Test
    void testReadWireFormatStubsReturnZero() {
        // Given
        Trans2FindNext2 next = new Trans2FindNext2(0x0101, 0, "name");

### Timing Attacks { #timing-attacks }

But what's a "timing attack"?

Let's imagine some attackers are trying to guess the username and password.

And they send a request with a username `johndoe` and a password `love123`.

Then the Python code in your application would be equivalent to something like:

```Python
if "johndoe" == "stanleyjobson" and "love123" == "swordfish":
    ...
```

기본적으로 **FastAPI**는 JSON 요청 본문에 대해 엄격한 `Content-Type` 헤더 검사를 사용합니다. 이는 JSON 요청의 본문을 JSON으로 파싱하려면 유효한 `Content-Type` 헤더(예: `application/json`)를 반드시 포함해야 함을 의미합니다.

## CSRF 위험 { #csrf-risk }

이 기본 동작은 매우 특정한 시나리오에서 **Cross-Site Request Forgery (CSRF)** 공격의 한 유형에 대한 보호를 제공합니다.

이러한 공격은 브라우저가 다음과 같은 경우 CORS 사전 요청(preflight) 검사를 수행하지 않고 스크립트가 요청을 보내도록 허용한다는 점을 악용합니다:

- `Content-Type` 헤더가 없음(예: `Blob` 본문과 함께 `fetch()` 사용)
- 그리고 어떠한 인증 자격 증명도 보내지 않음

                """
            ),
        ] = None,
    ) -> None:
        super().__init__(code=code, reason=reason)


RequestErrorModel: type[BaseModel] = create_model("Request")
WebSocketErrorModel: type[BaseModel] = create_model("WebSocket")


class FastAPIError(RuntimeError):
    """
    A generic, FastAPI-specific error.
    """