}

	req, err := http.NewRequestWithContext(ctx, http.MethodPost, p.DiscoveryDoc.UserInfoEndpoint, nil)
	if err != nil {
		return nil, err
	}

	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	if accessToken != "" {
		req.Header.Set("Authorization", "Bearer "+accessToken)
	}

	client := &http.Client{
		Transport: transport,
	}

	resp, err := client.Do(req)
	if err != nil {

            out.print(text);
        } catch (final IOException e) {
            throw new IORuntimeException(e);
        }
    }

    /**
     * Writes custom headers to the HTTP response.
     * @param response The HTTP servlet response.
     */
    protected abstract void writeHeaders(final HttpServletResponse response);

Sie können eine benutzerdefinierte Unterklasse von `StreamingResponse` erstellen, die den `Content-Type`-Header auf den Typ der gestreamten Daten setzt.

Zum Beispiel können Sie eine `PNGStreamingResponse` erstellen, die den `Content-Type`-Header mit dem Attribut `media_type` auf `image/png` setzt:

Заголовки прокси:

* [X-Forwarded-For](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Forwarded-For)
* [X-Forwarded-Proto](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Forwarded-Proto)
* [X-Forwarded-Host](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Forwarded-Host)

///

            checkPostMethod(requestBody, getItemEndpointSuffix());
        }
        refresh();

        // Download CSV
        Response response =
                given().contentType("application/json").header("Authorization", getTestToken()).when().get(getApiPath() + "/download");

        assertEquals(200, response.getStatusCode());
        String body = response.getBody().asString();

            checkPostMethod(requestBody, getItemEndpointSuffix());
        }
        refresh();

        // Download CSV
        Response response =
                given().contentType("application/json").header("Authorization", getTestToken()).when().get(getApiPath() + "/download");

        assertEquals(200, response.getStatusCode());
        String body = response.getBody().asString();

     * Each tag configuration follows the pattern: tagname[attr=value].classname#id
     *
     * Examples:
     * - "div.content" matches div elements with class "content"
     * - "span#header" matches span elements with ID "header"
     * - "p[data-type=ad]" matches p elements with data-type attribute equal to "ad"
     *
     * @param value the comma-separated string of pruned tag configurations

<link href="${fe:url('/css/font-awesome.min.css')}" rel="stylesheet"
	type="text/css" />
</head>
<body>
	<la:form action="/search" method="get" styleId="searchForm">
		${fe:facetForm()}${fe:geoForm()}
		<header>
			<nav class="navbar navbar-expand-md navbar-dark fixed-top bg-dark">
				<div id="content" class="container">
					<div class="navbar-brand"></div>

        f"docs_src.authentication_error_status_code.{request.param}"
    )

    client = TestClient(mod.app)
    return client


def test_get_me(client: TestClient):
    response = client.get("/me", headers={"Authorization": "Bearer secrettoken"})
    assert response.status_code == 200
    assert response.json() == {
        "message": "You are authenticated",
        "token": "secrettoken",
    }

///

/// info | Info

In diesem Beispiel verwenden wir zwei erfundene benutzerdefinierte Header `X-Key` und `X-Token`.

Aber in realen Fällen würden Sie bei der Implementierung von Sicherheit mehr Vorteile durch die Verwendung der integrierten [Sicherheits-Werkzeuge (siehe nächstes Kapitel)](../security/index.md) erzielen.