if ($icon.length > 0) {
      $icon.removeClass("fa fa-search").addClass("spinner-border spinner-border-sm");
    }
    setTimeout(function() {
      $searchButton.prop("disabled", false);
      var $spinner = $searchButton.find(".spinner-border");
      if ($spinner.length > 0) {
        $spinner.removeClass("spinner-border spinner-border-sm").addClass("fa fa-search");
      }
    }, BUTTON_DISABLE_DURATION);
    return true;

And returns a header `WWW-Authenticate` with a value of `Basic`, and an optional `realm` parameter.

That tells the browser to show the integrated prompt for a username and password.

Then, when you type that username and password, the browser sends them in the header automatically.

## Simple HTTP Basic Auth { #simple-http-basic-auth }

* Import `HTTPBasic` and `HTTPBasicCredentials`.

	margin: 20px 0;
}

.notification {
	text-align: center;
}

ul.has-error {
	color: #dd4b39 !important;
	list-style-type: none;
	padding: 0;
}

.form-group .has-error + .form-control {
	border-color: #dd4b39 !important;
	box-shadow: none;
}

.sidebar-mini.sidebar-collapse .sidebar-search {
	display: none !important;
}

input[type="file"].form-control:not([type="file"]) {
	height: 0% !important;

```
http://localhost:8000/v1/agents/multivac
```

Obwohl der Host der bösartigen Website und der lokalen App unterschiedlich ist, löst der Browser keinen CORS-Preflight-Request aus, weil:

* sie ohne Authentifizierung läuft, es müssen keine Credentials gesendet werden.
* der Browser annimmt, dass kein JSON gesendet wird (wegen des fehlenden `Content-Type`-Headers).

import jcifs.internal.util.SMBUtil;
import jcifs.util.Hexdump;

/**
 * SMB2 Oplock Break notification message. This server-initiated message notifies the client
 * that an opportunistic lock must be broken due to conflicting access from another client.
 *
 * @author mbechler
 *
 */
public class Smb2OplockBreakNotification extends ServerMessageBlock2Response {

    private byte oplockLevel;
    private byte[] fileId;

            // Log circuit breaker rejection
            auditLogger.logSecurityViolation("Circuit breaker open for SMB connection",
                    java.util.Map.of("address", address.getHostAddress(), "port", String.valueOf(port)));
            throw new IOException("Connection rejected by circuit breaker: " + e.getMessage(), e);
        } catch (RuntimeException e) {

```
http://localhost:8000/v1/agents/multivac
```

Even though the host of the malicious website and the local app is different, the browser won't trigger a CORS preflight request because:

* It's running without any authentication, it doesn't have to send any credentials.
* The browser thinks it's not sending JSON (because of the missing `Content-Type` header).

  private OverflowAvoidingLockSupport() {}

  static void parkNanos(@Nullable Object blocker, long nanos) {
    // Even in the extremely unlikely event that a thread unblocks itself early after only 68 years,
    // this is indistinguishable from a spurious wakeup, which LockSupport allows.
    LockSupport.parkNanos(blocker, min(nanos, MAX_NANOSECONDS_THRESHOLD));
  }

      override fun lookup(hostname: String): List<InetAddress> {
        try {
          return InetAddress.getAllByName(hostname).toList()
        } catch (e: NullPointerException) {
          throw UnknownHostException("Broken system behaviour for dns lookup of $hostname").apply {
            initCause(e)
          }
        }
      }
    }
  }

  /**
   * Test EqualsTester with no equals or not equals objects. This checks proper handling of null,
   * incompatible class and reflexive tests
   */
  public void testTestEqualsEmptyLists() {
    equalsTester.addEqualityGroup(reference);
    equalsTester.testEquals();
  }

  /**
   * Test EqualsTester after populating equalObjects. This checks proper handling of equality and
   * verifies hashCode for valid objects
   */