Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported to the community leaders responsible for enforcement at
.
All complaints will be reviewed and investigated promptly and fairly.

All community leaders are obligated to respect the privacy and security of the
reporter of any incident.

## Enforcement Guidelines

Community leaders will follow these Community Impact Guidelines in determining

* `allow_headers` - Una lista de headers de request HTTP que deberían estar soportados para requests cross-origin. Por defecto es `[]`. Puedes usar `['*']` para permitir todos los headers. Los headers `Accept`, `Accept-Language`, `Content-Language` y `Content-Type` siempre están permitidos para <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests"...

def test_security_http_basic_invalid_credentials():
    response = client.get(
        "/users/me", headers={"Authorization": "Basic notabase64token"}
    )
    assert response.status_code == 401, response.text
    assert response.headers["WWW-Authenticate"] == "Basic"
    assert response.json() == {"detail": "Not authenticated"}


def test_security_http_basic_non_basic_credentials():

			continue
		}
		t.Run(fmt.Sprintf("%d-locks", locks), func(t *testing.T) {
			// Number of readers per lock...
			for _, readers := range []int{1, 10, 100} {
				if locks > 1000 && readers > 1 {
					continue
				}
				if testing.Short() && readers > 10 {
					continue
				}
				t.Run(fmt.Sprintf("%d-read", readers), func(t *testing.T) {
					l := newLocker()
					for range locks {
						var tmp [16]byte

  const val FLAG_ACK = 0x1 // Used for settings and ping.
  const val FLAG_END_STREAM = 0x1 // Used for headers and data.
  const val FLAG_END_HEADERS = 0x4 // Used for headers and continuation.
  const val FLAG_END_PUSH_PROMISE = 0x4
  const val FLAG_PADDED = 0x8 // Used for headers and data.
  const val FLAG_PRIORITY = 0x20 // Used for headers.
  const val FLAG_COMPRESSED = 0x20 // Used for data.

  /** Lookup table for valid frame types. */

        "/items/",
        content='{"name": "Foo", "price": 50.5}',
        headers={"Content-Type": "application/json"},
    )
    assert response.status_code == 200, response.text


def test_geo_json(client: TestClient):
    response = client.post(
        "/items/",
        content='{"name": "Foo", "price": 50.5}',
        headers={"Content-Type": "application/geo+json"},
    )

 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package okhttp3.internal.http1

import okhttp3.Headers
import okio.BufferedSource

/**
 * Parse all headers delimited by "\r\n" until an empty line. This throws if headers exceed 256 KiB.
 */
class HeadersReader(
  val source: BufferedSource,
) {
  private var headerLimit = HEADER_LIMIT.toLong()

Each HTTP request contains a URL, a method (like `GET` or `POST`), and a list of headers. Requests may also contain a body: a data stream of a specific content type.

## [Responses](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-response/)

The response answers the request with a code (like 200 for success or 404 for not found), headers, and its own optional body.

## Rewriting Requests

}
```

### Rewriting Responses

Symmetrically, interceptors can rewrite response headers and transform the response body. This is generally more dangerous than rewriting request headers because it may violate the webserver's expectations!

    return out
  }

  private fun sendHeaderFrames(
    outFinished: Boolean,
    headers: List<Header>,
  ): Buffer {
    val out = Buffer()
    Http2Writer(out, true).headers(outFinished, expectedStreamId, headers)
    return out
  }

  private fun sendPushPromiseFrames(
    streamId: Int,
    headers: List<Header>,
  ): Buffer {
    val out = Buffer()