<property name="ignoreFormat" value="^(threadPool)$"/>
    </module>
    -->

    <!-- We don't use Java's builtin serialization and we suppress all warning
      about it. The flip side of that coin is that we shouldn't _try_ to use
      it. We can't outright ban it with ForbiddenApis because it complain about
      every we reference a class that implements Serializable like String or
      Exception.

# or more contributor license agreements. Licensed under the Elastic License
# 2.0 and the Server Side Public License, v 1; you may not use this file except
# in compliance with, at your election, the Elastic License 2.0 or the Server
# Side Public License, v 1.

define_opts = {
  autostart: false
}.freeze

Vagrant.configure(2) do |config|

 * or more contributor license agreements. Licensed under the Elastic License
 * 2.0 and the Server Side Public License, v 1; you may not use this file except
 * in compliance with, at your election, the Elastic License 2.0 or the Server
 * Side Public License, v 1.
 */

package org.elasticsearch.gradle.internal.test;

import org.elasticsearch.gradle.Architecture;

기본적으로 **FastAPI**는 JSON 요청 본문에 대해 엄격한 `Content-Type` 헤더 검사를 사용합니다. 이는 JSON 요청의 본문을 JSON으로 파싱하려면 유효한 `Content-Type` 헤더(예: `application/json`)를 반드시 포함해야 함을 의미합니다.

## CSRF 위험 { #csrf-risk }

이 기본 동작은 매우 특정한 시나리오에서 **Cross-Site Request Forgery (CSRF)** 공격의 한 유형에 대한 보호를 제공합니다.

이러한 공격은 브라우저가 다음과 같은 경우 CORS 사전 요청(preflight) 검사를 수행하지 않고 스크립트가 요청을 보내도록 허용한다는 점을 악용합니다:

- `Content-Type` 헤더가 없음(예: `Blob` 본문과 함께 `fetch()` 사용)
- 그리고 어떠한 인증 자격 증명도 보내지 않음

          </association>
        </field>
        <field>
          <name>site</name>
          <description>Information needed for deploying the web site of the project.</description>
          <version>4.0.0+</version>
          <association>
            <type>Site</type>
          </association>
        </field>
        <field>
          <name>downloadUrl</name>

- To be able to easily get the temporary credentials to upload to a prefix. Make it possible for a client to upload a whole folder using the session. The server side applications need not create a presigned URL and serve to the client for each file. Since, the client would have the session it can do it by itself.

   * trouble than just using Object.class.)
   *
   * Then we declare the getters for these fields as @GwtIncompatible so that no one can try to use
   * them under J2CL—or, as an unfortunate side effect, under GWT. We do still give the fields
   * themselves their proper values under GWT, since GWT's EnumMap does need the Class instance.
   *

   * trouble than just using Object.class.)
   *
   * Then we declare the getters for these fields as @GwtIncompatible so that no one can try to use
   * them under J2CL—or, as an unfortunate side effect, under GWT. We do still give the fields
   * themselves their proper values under GWT, since GWT's EnumMap does need the Class instance.
   *

              <exclude>org.apache.maven.model.Scm#setChildScmUrlInheritAppendPath(boolean):METHOD_REMOVED</exclude>
              <exclude>org.apache.maven.model.Site#setChildSiteUrlInheritAppendPath(boolean):METHOD_REMOVED</exclude>
              <exclude>org.apache.maven.model.io.xpp3.MavenXpp3Reader#contentTransformer</exclude>

			ClientSessionCache:       tls.NewLRUClientSessionCache(64),
			CipherSuites:             crypto.TLSCiphersBackwardCompatible(),
			CurvePreferences:         crypto.TLSCurveIDs(),
		}
		// This is only to support client side certificate authentication
		// https://coreos.com/etcd/docs/latest/op-guide/security.html
		etcdClientCertFile := env.Get(EnvEtcdClientCert, kvs.Get(ClientCert))