var canUseHeaderValue = true
  var headerValue: String? = null

  loop@ for (i in 0 until headers.size) {
    val name = headers.name(i)
    val value = headers.value(i)

    when {
      name.equals("Cache-Control", ignoreCase = true) -> {
        if (headerValue != null) {
          // Multiple cache-control headers means we can't use the raw value.
          canUseHeaderValue = false
        } else {

def test_token():
    response = client.get("/items", headers={"Authorization": "Bearer testtoken"})
    assert response.status_code == 200, response.text
    assert response.json() == {"token": "testtoken"}


def test_incorrect_token():
    response = client.get("/items", headers={"Authorization": "Notexistent testtoken"})
    assert response.status_code == 200, response.text

        // Mock getHeaderFields to return our headers
        Map<String, List<String>> allHeaders = headers != null ? new HashMap<>(headers) : new HashMap<>();
        allHeaders.put(null, Collections.singletonList(statusLine)); // Status line
        when(conn.getHeaderFields()).thenReturn(allHeaders);

        // Mock individual header access by both string key and index
        if (headers != null) {
            // Mock by header name

* 创建一个允许的源列表（由字符串组成）。
* 将其作为「中间件」添加到你的 **FastAPI** 应用中。

你也可以指定后端是否允许：

* 凭证（授权 headers，Cookies 等）。
* 特定的 HTTP 方法（`POST`，`PUT`）或者使用通配符 `"*"` 允许所有方法。
* 特定的 HTTP headers 或者使用通配符 `"*"` 允许所有 headers。

{* ../../docs_src/cors/tutorial001.py hl[2,6:11,13:19] *}

默认情况下，这个 `CORSMiddleware` 实现所使用的默认参数较为保守，所以你需要显式地启用特定的源、方法或者 headers，以便浏览器能够在跨域上下文中使用它们。

支持以下参数：

client = TestClient(app)


def test_path_operation():
    response = client.get("/headers/")
    assert response.status_code == 200, response.text
    assert response.json() == {"message": "Hello World"}
    assert response.headers["X-Cat-Dog"] == "alone in the world"

        .url(server.url("/"))
        .header("Accept", "text/plain")
        .build()
    val response = client.newCall(request).execute()
    assertThat(response.code).isEqualTo(200)
    assertThat(response.body.string()).isEqualTo("hello, OkHttp")

    val recorded = server.takeRequest()
    assertThat(recorded.headers["Accept"]).isEqualTo("text/plain")
    assertThat(recorded.headers["Accept-Encoding"]).isEqualTo("gzip")

client = TestClient(app)


def test_security_oauth2():
    response = client.get("/users/me", headers={"Authorization": "Bearer footokenbar"})
    assert response.status_code == 200, response.text
    assert response.json() == {"username": "Bearer footokenbar"}


def test_security_oauth2_password_other_header():
    response = client.get("/users/me", headers={"Authorization": "Other footokenbar"})
    assert response.status_code == 200, response.text

}

// Set adds the ETag to the HTTP headers. It overwrites any
// existing ETag entry.
//
// Due to legacy S3 clients, that make incorrect assumptions
// about HTTP headers, Set should be used instead of
// http.Header.Set(...). Otherwise, some S3 clients will not
// able to extract the ETag.
func Set(etag ETag, h http.Header) {
	// Some (broken) S3 clients expect the ETag header to

  forObsoleteRfc2965: Boolean,
): String = cookie.toString(forObsoleteRfc2965)

internal fun addHeaderLenient(
  builder: Headers.Builder,
  line: String,
): Headers.Builder = builder.addLenient(line)

internal fun addHeaderLenient(
  builder: Headers.Builder,
  name: String,
  value: String,
): Headers.Builder = builder.addLenient(name, value)

internal fun cacheGet(
  cache: Cache,
  request: Request,

    expected_content = """<?xml version="1.0"?>
    <shampoo>
    <Header>
        Apply shampoo here.
    </Header>
    <Body>
        You'll have to use soap here.
    </Body>
    </shampoo>
    """

    response = client.get("/legacy/")
    assert response.status_code == 200, response.text
    assert response.headers["content-type"] == "application/xml"
    assert response.text == expected_content