}

    // TODO take repo mans into account as one may be aggregating prefixes of many
    // TODO collect at the root of the repository, read the one at the root, and fetch remote if something is missing
    // or the user forces the issue

    public Plugin findPluginForPrefix(String prefix, MavenSession session) throws NoPluginFoundForPrefixException {
        // [prefix]:[goal]

        if (session.getCurrentProject() != null) {

預設情況下，FastAPI 會對 JSON 請求主體使用嚴格的 `Content-Type` 標頭檢查。也就是說，JSON 請求必須包含有效的 `Content-Type` 標頭（例如 `application/json`），請求主體（body）才能被解析為 JSON。

## CSRF 風險 { #csrf-risk }

這個預設行為在某個非常特定的情境下，能對一類跨站請求偽造（CSRF, Cross-Site Request Forgery）攻擊提供保護。

這類攻擊利用了瀏覽器在以下情況下允許腳本發送請求而不進行任何 CORS 預檢（preflight）檢查的事實：

- 沒有 `Content-Type` 標頭（例如以 `fetch()` 並使用 `Blob` 作為 body）
- 且沒有送出任何身分驗證憑證

這種攻擊主要與以下情境相關：

- 應用在本機（例如 `localhost`）或內部網路中執行

import java.util.concurrent.ConcurrentSkipListMap;
import org.jspecify.annotations.NullUnmarked;

/**
 * A microbenchmark that tests the performance of get() and iteration on various map
 * implementations. Forked from {@link SetContainsBenchmark}.
 *
 * @author Nicholaus Shupe
 */
@NullUnmarked
public class MapBenchmark {
  @Param({"Hash", "LinkedHM", "MapMaker1", "Immutable"})
  private Impl impl;

기본적으로 **FastAPI**는 JSON 요청 본문에 대해 엄격한 `Content-Type` 헤더 검사를 사용합니다. 이는 JSON 요청의 본문을 JSON으로 파싱하려면 유효한 `Content-Type` 헤더(예: `application/json`)를 반드시 포함해야 함을 의미합니다.

## CSRF 위험 { #csrf-risk }

이 기본 동작은 매우 특정한 시나리오에서 **Cross-Site Request Forgery (CSRF)** 공격의 한 유형에 대한 보호를 제공합니다.

이러한 공격은 브라우저가 다음과 같은 경우 CORS 사전 요청(preflight) 검사를 수행하지 않고 스크립트가 요청을 보내도록 허용한다는 점을 악용합니다:

- `Content-Type` 헤더가 없음(예: `Blob` 본문과 함께 `fetch()` 사용)
- 그리고 어떠한 인증 자격 증명도 보내지 않음

        i.set(newEntry);
        return;
      }
    }

    throw new IllegalArgumentException(
        Platform.format("key %s not found in entries %s", newEntry.getKey(), expected));
  }

  /**
   * Wrapper for {@link Map#get(Object)} that forces the caller to pass in a key of the same type as
   * the map. Besides being slightly shorter than code that uses {@link #getMap()}, it also ensures

   * the corresponding stream allocation. This test keeps those response bodies alive and reads
   * them after the redirect has completed. This forces a connection to not be reused where it would
   * be otherwise.
   *
   *
   * This test leaks a response body by not closing it.
   *
   * https://github.com/square/okhttp/issues/2409
   */
  @Test

    throw new UnsupportedOperationException();
  }

  /**
   * {@inheritDoc}
   *
   * <p>This implementation of {@code getAllPresent} lacks any insight into the internal cache data
   * structure, and is thus forced to return the query keys instead of the cached keys. This is only
   * possible with an unsafe cast which requires {@code keys} to actually be of type {@code K}.
   *
   * @since 11.0
   */
  /*

            String message;
            if (isMultiModule) {
                // Multi-module project: artifactId may match any declared module name
                message = String.format(
                        "Cannot attach artifact to project: groupId and version must match the project, "
                                + "and artifactId must match either the project or a declared module name.%n"

         * the case of the Samsung bug, and we do that by breaking AtomicReferenceFieldUpdater.
         * Breaking AtomicReferenceFieldUpdater not only forces AggregateFutureState to fall back to
         * another implementation but also forces AbstractFutureState to be able to do the
         * same—hence the try-catch here.
         *

                                    + repository.getId() + " has elapsed or updates are forced.");
                }
            }
        }
    }

    @Override
    public void getArtifact(
            Artifact artifact,
            List<ArtifactRepository> remoteRepositories,
            TransferListener downloadMonitor,
            boolean force)
            throws TransferFailedException, ResourceDoesNotExistException {