* HTTP Basic Authentifizierung.
* **OAuth2** (auch mit **JWT Tokens**). Siehe dazu das Tutorial zu [OAuth2 mit JWT](tutorial/security/oauth2-jwt.md){.internal-link target=_blank}.
* API Schlüssel in:
    * Header-Feldern.
    * Anfrageparametern.
    * Cookies, usw.

Zusätzlich alle Sicherheitsfunktionen von Starlette (inklusive **Session Cookies**).

    </magic>
  </mime-type>
  <mime-type type="application/x-axcrypt">
    <_comment>AxCrypt</_comment>
    <glob pattern="*.axx" />
    <magic priority="60">
      <!-- AxCrypt block header, skip length field, then Header of type Preamble -->
      <match value="0xc0b9072e4f93f146a015792ca1d9e821" type="string" offset="0">
         <match value="2" type="big32" offset="17" />
      </match>
    </magic>
  </mime-type>

### Typannotationen und Tooling

Sehen wir uns zunächst an, wie Editor, mypy und andere Tools dies sehen würden.

`BaseUser` verfügt über die Basis-Felder. Dann erbt `UserIn` von `BaseUser` und fügt das Feld `Passwort` hinzu, sodass dass es nun alle Felder beider Modelle hat.

Wir annotieren den Funktionsrückgabetyp als `BaseUser`, geben aber tatsächlich eine `UserIn`-Instanz zurück.

Mas isso só permitirá certos tipos de comunicação, excluindo tudo que envolva credenciais: cookies, cabeçalhos de autorização como aqueles usados ​​com Bearer Tokens, etc.

Então, para que tudo funcione corretamente, é melhor especificar explicitamente as origens permitidas.

## Usar `CORSMiddleware`

  }

  @Test
  fun headersPostWithHeaderOverrides() {
    setLevel(Level.HEADERS)
    extraNetworkInterceptor =
      Interceptor { chain: Interceptor.Chain ->
        chain.proceed(
          chain
            .request()
            .newBuilder()
            .header("Content-Length", "2")
            .header("Content-Type", "text/plain-ish")
            .build(),
        )
      }

# ========================================================================================
# Framework Default
# =================
# ----------------------------------------------------------
# Lasta Taglib
# ------------
errors.header = <ul class="has-error">
errors.footer = </ul>
errors.prefix = <li><i class="fa fa-exclamation-circle"></i>
errors.suffix = </li>
# ----------------------------------------------------------
# Javax Validator

# ========================================================================================
# Framework Default
# =================
# ----------------------------------------------------------
# Lasta Taglib
# ------------
errors.header = <ul class="has-error">
errors.footer = </ul>
errors.prefix = <li><i class="fa fa-exclamation-circle"></i>
errors.suffix = </li>
# ----------------------------------------------------------
# Javax Validator

    val c = this[i]
    // The WHATWG Host parsing rules accepts some character codes which are invalid by
    // definition for OkHttp's host header checks (and the WHATWG Host syntax definition). Here
    // we rule out characters that would cause problems in host headers.
    if (c <= '\u001f' || c >= '\u007f') {
      return true
    }
    // Check for the characters mentioned in the WHATWG Host parsing spec:

        final int avPairsLength = avPairs != null ? avPairs.length : 0;
        final byte[] temp = new byte[28 + avPairsLength + 4];

        Encdec.enc_uint32le(0x00000101, temp, 0); // Header
        Encdec.enc_uint32le(0x00000000, temp, 4); // Reserved
        Encdec.enc_uint64le(nanos1601, temp, 8);
        System.arraycopy(clientChallenge, 0, temp, 16, 8);

 * lowercase, but all others are left as-is.
 *
 * <p>Note that this specifically does <strong>not</strong> represent the value of the MIME {@code
 * Content-Type} header and as such has no support for header-specific considerations such as line
 * folding and comments.
 *
 * <p>For media types that take a charset the predefined constants default to UTF-8 and have a