1.19.13, Go 1.20.8, and Go 1.21.1.

Go 1.22 made it an error for a request or response read by a net/http
client or server to have an empty Content-Length header.
This behavior is controlled by the `httplaxcontentlength` setting.

Go 1.22 changed the behavior of ServeMux to accept extended
patterns and unescape both patterns and request paths by segment.
This behavior can be controlled by the

* Le support des **WebSockets**.
* Le support de **GraphQL**.
* Les <abbr title="En anglais: In-process background tasks">tâches d'arrière-plan.</abbr>
* Des évènements de démarrages et d'arrêt.
* Un client de test basé sur `request`
* **CORS**, GZip, Static Files, Streaming responses.
* Le support des **Sessions et Cookies**.
* Une couverture de test à 100 %.
* 100 % de la base de code avec des annotations de type.

// Note that content-length-range is checked in the API handler function PostPolicyBucketHandler.
// formValues is the already-canonicalized form values from the POST request.
func checkPostPolicy(formValues http.Header, postPolicyForm PostPolicyForm) error {
	// Check if policy document expiry date is still not reached
	if !postPolicyForm.Expiration.After(UTCNow()) {

  "disabled": false
}
```

<img src="/img/tutorial/security/image09.png">

If you open the developer tools, you could see how the data sent only includes the token, the password is only sent in the first request to authenticate the user and get that access token, but not afterwards:

<img src="/img/tutorial/security/image10.png">

/// note

Notice the header `Authorization`, with a value that starts with `Bearer `.

		statusCode: 401,
		cause:      err,
	}
}

func errEmptyRequestBody(err error) *s3Error {
	return &s3Error{
		code:       "EmptyRequestBody",
		message:    "Request body cannot be empty.",
		statusCode: 400,
		cause:      err,
	}
}

func errUnsupportedRangeHeader(err error) *s3Error {
	return &s3Error{
		code:       "UnsupportedRangeHeader",

func (fi *FileInfo) TierFreeVersion() bool {
	_, ok := fi.Metadata[ReservedMetadataPrefixLower+tierFVMarker]
	return ok
}

// IsRestoreObjReq returns true if fi corresponds to a RestoreObject request.
func (fi *FileInfo) IsRestoreObjReq() bool {
	if restoreHdr, ok := fi.Metadata[xhttp.AmzRestore]; ok {
		if restoreStatus, err := parseRestoreObjStatus(restoreHdr); err == nil {
			if !restoreStatus.Ongoing() {

	ErrUnknownWORMModeDirective = errors.New("unknown WORM mode directive")
	// ErrObjectLockMissingContentMD5 - indicates missing Content-MD5 header for put object requests with locking
	ErrObjectLockMissingContentMD5 = errors.New("content-MD5 HTTP header is required for Put Object requests with Object Lock parameters")
	// ErrObjectLockInvalidHeaders indicates that object lock headers are missing

* Затем добавьте комментарий, что Вы попробовали, чтобы я знал, что Вы это проверили. 🤓

## Создать пулл-реквест { #create-a-pull-request }

Вы можете [сделать вклад](contributing.md){.internal-link target=_blank} в исходный код пулл-реквестами, например:

* Исправить опечатку, найденную в документации.

pkg net/http, type PushOptions struct
pkg net/http, type PushOptions struct, Header Header
pkg net/http, type PushOptions struct, Method string
pkg net/http, type Request struct, GetBody func() (io.ReadCloser, error)
pkg net/http, type Server struct, IdleTimeout time.Duration
pkg net/http, type Server struct, ReadHeaderTimeout time.Duration

		if store.getUsersSysType() == MinIOUsersSysType {
			g, ok := c.iamGroupsMap[group]
			if !ok {
				continue
			}

			// Group is disabled, so we return no policy - this
			// ensures the request is denied.
			if g.Status == statusDisabled {
				continue
			}
		}

		policy, ok := c.iamGroupPolicyMap.Load(group)
		if !ok {
			continue
		}