.header("Authorization", "Bearer " + user.getAuthenticationResult().accessToken())
                        .header("Accept", "application/json")
                        .header("Content-type", "application/json")
                        .body("{\"securityEnabledOnly\":false}")
                        .execute()) {

   *       according to the definition of the equivalence. The hash need not remain consistent from
   *       one execution of an application to another execution of the same application.
   *   <li>It is <i>distributable across equivalence</i>: for any references {@code x} and {@code
   *       y}, if {@code equivalent(x, y)}, then {@code hash(x) == hash(y)}. It is <i>not</i>

		ModTime:        time.Date(2023, time.March, 15, 11, 18, 4, 989906961, time.UTC),
		Size:           329289, Mode: 0x0, WrittenByVersion: 0x63c77756,
		Metadata: map[string]string{
			"content-type": "application/octet-stream", "etag": "f205307ef9f50594c4b86d9c246bee86", "x-minio-internal-erasure-upgraded": "5->6", "x-minio-internal-inline-data": "true",
		},
		Parts: []ObjectPartInfo{
			{
				ETag:       "",

   *       according to the definition of the equivalence. The hash need not remain consistent from
   *       one execution of an application to another execution of the same application.
   *   <li>It is <i>distributable across equivalence</i>: for any references {@code x} and {@code
   *       y}, if {@code equivalent(x, y)}, then {@code hash(x) == hash(y)}. It is <i>not</i>

import okhttp3.internal.platform.Platform
import okio.Buffer
import okio.GzipSource

/**
 * An OkHttp interceptor which logs request and response information. Can be applied as an
 * [application interceptor][OkHttpClient.interceptors] or as a [OkHttpClient.networkInterceptors].
 *
 * The format of the logs created by this class should not be considered stable and may

	"Resource": "arn:aws:s3:::mybucket",
	"Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}
  }
}
```

- `aws:UserAgent` - This value is a string that contains information about the requester's client application. This string is generated by the client and can be unreliable. You can only use this context key from `mc` or other MinIO SDKs which standardize the User-Agent string.

     */
    @Resource
    protected FileAuthenticationBhv fileAuthenticationBhv;

    /**
     * Fess configuration object providing access to application settings.
     * Used for retrieving pagination and other configuration parameters.
     */
    @Resource
    protected FessConfig fessConfig;

    /**

<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="referrer" content="no-referrer">
<title>${f:h(displayQuery)}-<la:message
		key="labels.search_title" /></title>
<c:if test="${osddLink}">
	<link rel="search" type="application/opensearchdescription+xml"
		href="${fe:url('/osdd')}"
		title="<la:message key="labels.index_osdd_title" />" />
</c:if>
<link href="${fe:url('/css/bootstrap.min.css')}" rel="stylesheet"
	type="text/css" />

<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="referrer" content="no-referrer">
<title>${f:h(displayQuery)}-<la:message
		key="labels.search_title" /></title>
<c:if test="${osddLink}">
	<link rel="search" type="application/opensearchdescription+xml"
		href="${fe:url('/osdd')}"
		title="<la:message key="labels.index_osdd_title" />" />
</c:if>
<link href="${fe:url('/css/bootstrap.min.css')}" rel="stylesheet"
	type="text/css" />

# 嚴格的 Content-Type 檢查 { #strict-content-type-checking }

預設情況下，FastAPI 會對 JSON 請求主體使用嚴格的 `Content-Type` 標頭檢查。也就是說，JSON 請求必須包含有效的 `Content-Type` 標頭（例如 `application/json`），請求主體（body）才能被解析為 JSON。

## CSRF 風險 { #csrf-risk }

這個預設行為在某個非常特定的情境下，能對一類跨站請求偽造（CSRF, Cross-Site Request Forgery）攻擊提供保護。

這類攻擊利用了瀏覽器在以下情況下允許腳本發送請求而不進行任何 CORS 預檢（preflight）檢查的事實：

- 沒有 `Content-Type` 標頭（例如以 `fetch()` 並使用 `Blob` 作為 body）
- 且沒有送出任何身分驗證憑證

這種攻擊主要與以下情境相關：