logger.debug("Failed to retrieval a cache.", e);
            }
            return new XPathAPI();
        }
    }

    /**
     * Returns the header for the result data.
     * @return The result data header.
     */
    protected String getResultDataHeader() {
        // TODO support other type
        return "<?xml version=\"1.0\"?>\n<doc>\n";
    }

    /**

     */
    private byte[] createValidSecurityDescriptorBuffer(int size) {
        ByteBuffer buffer = ByteBuffer.allocate(size);
        buffer.order(ByteOrder.LITTLE_ENDIAN);

        // Security descriptor header
        buffer.put((byte) 0x01); // Revision
        buffer.put((byte) 0x00); // Padding
        buffer.putShort((short) 0x8004); // Control flags (SE_DACL_PRESENT | SE_SELF_RELATIVE)

# Utilizando o Request diretamente

Até agora você declarou as partes da requisição que você precisa utilizando os seus tipos.

Obtendo dados de:

* Os parâmetros das rotas.
* Cabeçalhos (*Headers*).
* Cookies.
* etc.

E ao fazer isso, o **FastAPI** está validando as informações, convertendo-as e gerando documentação para a sua API automaticamente.

Porém há situações em que você possa precisar acessar o objeto `Request` diretamente.

        // logger.debug(response.asString());
        return response;
    }

    protected Response checkDeleteMethod(final String path) {
        return given().contentType("application/json").header("Authorization", getTestToken()).delete(getApiPath() + "/" + path);
    }

    protected List<Map<String, Object>> getItemList(final Map<String, Object> body) {

        }
        byte[] nameBytes = "bob".getBytes(StandardCharsets.US_ASCII);

        return Stream.of(
                // Too short for TOK_ID + MECH_OID_LEN
                Arguments.of("too short header", new byte[] { 0x04, 0x01, 0x00 }, IllegalArgumentException.class),

                // Wrong TOK_ID
                Arguments.of("wrong TOK_ID", new byte[] { 0x00, 0x02, 0x00, 0x01 }, IllegalArgumentException.class),

			}
		}
	}
}

var replicationStateTest = []struct {
	name      string
	rs        ReplicationState
	arn       string
	expStatus replication.StatusType
}{
	{ // 1. no replication status header
		name:      "no replicated targets",
		rs:        ReplicationState{},
		expStatus: replication.StatusType(""),
	},
	{ // 2. replication status for one target
		name:      "replication status for one target",

		return
	}

	tiers := globalTierConfigMgr.ListTiers()
	data, err := json.Marshal(tiers)
	if err != nil {
		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
		return
	}

	w.Header().Set(tierCfgRefreshAtHdr, globalTierConfigMgr.refreshedAt().String())
	writeSuccessResponseJSON(w, data)
}

func (api adminAPIHandlers) EditTierHandler(w http.ResponseWriter, r *http.Request) {
	ctx := r.Context()

          # The "digest" that allows us to pull an image is not the digest as
          # returned by the API, but a sha256sum of the entire chunk of image
          # metadata. gcr.io helpfully includes it in the header of the response
          # as docker-content-digest: sha256:[digest]. Note we use egrep to
          # match exactly sha256:<hash> because curl may include a ^M symbol at
          # the end of the line.

 * lowercase, but all others are left as-is.
 *
 * <p>Note that this specifically does <strong>not</strong> represent the value of the MIME {@code
 * Content-Type} header and as such has no support for header-specific considerations such as line
 * folding and comments.
 *
 * <p>For media types that take a charset the predefined constants default to UTF-8 and have a

Но тогда не будут разрешены некоторые виды взаимодействия, включая всё связанное с учётными данными: куки, заголовки Authorization с Bearer-токенами наподобие тех, которые мы использовали ранее и т.п.

Поэтому, чтобы всё работало корректно, лучше явно указывать список разрешённых источников.

## Использование `CORSMiddleware`