def test_get_invalid_one_header_items(client: TestClient):
    response = client.get("/items/", headers={"X-Token": "invalid"})
    assert response.status_code == 400, response.text
    assert response.json() == {"detail": "X-Token header invalid"}


@needs_py39
def test_get_invalid_one_users(client: TestClient):
    response = client.get("/users/", headers={"X-Token": "invalid"})
    assert response.status_code == 400, response.text

      MockResponse(
        code = 302,
        headers = headersOf("Location", "/b"),
      ),
    )
    server.enqueue(MockResponse())

    val request = Request(server.url("/"))
    val call = client.newCall(request)
    val response = call.execute()

    assertThat(response.request.url.encodedPath).isEqualTo("/b")
    assertThat(response.request.headers).isEqualTo(headersOf())
  }

}

// parsePostPolicyForm - Parse JSON policy string into typed PostPolicyForm structure.
func parsePostPolicyForm(r io.Reader) (PostPolicyForm, error) {
	reader, err := sanitizePolicy(r)
	if err != nil {
		return PostPolicyForm{}, err
	}

	d := json.NewDecoder(reader)

	// Convert po into interfaces and
	// perform strict type conversion using reflection.
	var rawPolicy struct {

		}
	}
}

// Tests validate metadata extraction from http headers.
func TestExtractMetadataHeaders(t *testing.T) {
	testCases := []struct {
		header     http.Header
		metadata   map[string]string
		shouldFail bool
	}{
		// Validate if there a known 'content-type'.
		{
			header: http.Header{
				"Content-Type": []string{"image/png"},
			},
			metadata: map[string]string{

      Request.Builder()
        .url(server.url("/"))
        .header("Connection", "close")
        .build()
    val requestB = Request(server.url("/"))
    assertConnectionNotReused(requestA, requestB)
  }

  @Test
  fun connectionsAreNotReusedWithResponseConnectionClose() {
    server.enqueue(
      MockResponse(
        headers = headersOf("Connection", "close"),
        body = "a",
      ),
    )

* 创建一个允许的源列表（由字符串组成）。
* 将其作为「中间件」添加到你的 **FastAPI** 应用中。

你也可以指定后端是否允许：

* 凭证（授权 headers，Cookies 等）。
* 特定的 HTTP 方法（`POST`，`PUT`）或者使用通配符 `"*"` 允许所有方法。
* 特定的 HTTP headers 或者使用通配符 `"*"` 允许所有 headers。

```Python hl_lines="2  6-11  13-19"
{!../../docs_src/cors/tutorial001.py!}
```

默认情况下，这个 `CORSMiddleware` 实现所使用的默认参数较为保守，所以你需要显式地启用特定的源、方法或者 headers，以便浏览器能够在跨域上下文中使用它们。

支持以下参数：

// and a source of randomness. If random is nil the default PRNG of the
// system (crypto/rand) is used.
func GenerateKey(extKey []byte, random io.Reader) (key ObjectKey) {
	if random == nil {
		random = rand.Reader
	}
	if len(extKey) != 32 { // safety check
		logger.CriticalIf(context.Background(), errors.New("crypto: invalid key length"))
	}
	var nonce [32]byte

		now := time.Now()
		if now.Sub(c.writeSetAt) > updateInterval {
			c.Conn.SetWriteDeadline(now.Add(c.writeDeadline + updateInterval))
			c.writeSetAt = now
		}
	}
}

// Read - reads data from the connection using wrapped buffered reader.
func (c *DeadlineConn) Read(b []byte) (n int, err error) {
	c.setReadDeadline()
	n, err = c.Conn.Read(b)
	return n, err
}

// Write - writes data to the connection.

                    if (properties != null && properties.length > 0) {
                        headers = new HashMap<>();
                        for (PlexusConfiguration property : properties) {
                            headers.put(
                                    property.getChild("name").getValue(),
                                    property.getChild("value").getValue());

    else:
        authenticate_value = "Bearer"
    credentials_exception = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Could not validate credentials",
        headers={"WWW-Authenticate": authenticate_value},
    )
    try:
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        username: str = payload.get("sub")
        if username is None: