## Version 4.9.2

_2021-09-30_

 *  Fix: Don't include potentially-sensitive header values in `Headers.toString()` or exceptions.
    This applies to `Authorization`, `Cookie`, `Proxy-Authorization`, and `Set-Cookie` headers.
 *  Fix: Don't crash with an `InaccessibleObjectException` when running on JDK17+ with strong
    encapsulation enabled.

 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.squareup.okhttp3.maventest;

import java.io.IOException;

import okhttp3.Headers;
import okhttp3.HttpUrl;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;

public class SampleHttpClient {
  private final OkHttpClient client;

  public SampleHttpClient() {

	public final fun -deprecated_headers ()Lokhttp3/Headers;
	public final fun -deprecated_method ()Ljava/lang/String;
	public final fun -deprecated_path ()Ljava/lang/String;
	public final fun -deprecated_response ()Lokhttp3/mockwebserver/MockResponse;
	public fun <init> (Ljava/lang/String;Ljava/lang/String;Lokhttp3/Headers;Lokhttp3/mockwebserver/MockResponse;)V
	public final fun headers ()Lokhttp3/Headers;
	public final fun method ()Ljava/lang/String;

        server minio3:9001;
        server minio4:9001;
    }

    server {
        listen       9000;
        listen  [::]:9000;
        server_name  localhost;

        # To allow special characters in headers
        ignore_invalid_headers off;
        # Allow any size file to be uploaded.
        # Set to a value such as 1000m; to restrict file size to a specific value
        client_max_body_size 0;

    This class is in the `logging-interceptor` artifact.
 *  New: `Headers.Builder.addUnsafeNonAscii()` allows non-ASCII values to be added without an
    immediate exception.
 *  New: Headers can be redacted in `HttpLoggingInterceptor`.
 *  New: `Headers.Builder` now accepts dates.
 *  New: OkHttp now accepts `java.time.Duration` for timeouts on Java 8+ and Android 26+.

        .header("User-Agent", "OkHttp Headers.java")
        .addHeader("Accept", "application/json; q=0.5")
        .addHeader("Accept", "application/vnd.github.v3+json")
        .build()

    client.newCall(request).execute().use { response ->
      if (!response.isSuccessful) throw IOException("Unexpected code $response")

      println("Server: ${response.header("Server")}")

        assertNotNull("Allow-Methods header should be set", responseHeaders.get("Access-Control-Allow-Methods"));
        assertNotNull("Allow-Headers header should be set", responseHeaders.get("Access-Control-Allow-Headers"));
        assertNotNull("Max-Age header should be set", responseHeaders.get("Access-Control-Max-Age"));

In this case the middleware will intercept the incoming request and respond with appropriate CORS headers, and either a `200` or `400` response for informational purposes.

### Simple requests { #simple-requests }

Any request with an `Origin` header. In this case the middleware will pass the request through as normal, but will include appropriate CORS headers on the response.

    assertThat(request.header("Host")).isNull()
    assertThat(request.header("Accept-Encoding")).isNull()

    // No extra headers in the application's response.
    val response = client.newCall(request).execute()
    assertThat(request.header("Content-Encoding")).isNull()
    assertThat(response.body.string()).isEqualTo("abcabcabc")
  }

  @Test
  fun networkInterceptorsCanChangeRequestMethodFromGetToPost() {

    val headers = response.headers
    assertThat(headers.size).isEqualTo(1)
    assertThat(headers.name(0)).isEqualTo(":version")
    assertThat(headers.value(0)).isEqualTo("HTTP/1.1")
  }

  @Test fun http2HeadersListDropsForbiddenHeadersHttp2() {
    val request =
      Request
        .Builder()
        .url("http://square.com/")
        .header("Connection", "upgrade")