The API Server will no longer proxy non-101 responses for upgrade requests. This could break proxied backends (such as an extension API server) that respond to upgrade requests with a non-101 response code. ([#92941](https://github.com/kubernetes/kubernetes/pull/92941), [@tallclair](https://github.com/tallclair)) [SIG API Machinery]
 
## Changes by Kind

### API Change

| token          | string     | Token from the AssumeRoleWithCustomToken call for external verification |

### Response

If the token is valid and access is approved, the plugin must return a `200` (OK) HTTP status code.

A `200 OK` Response should have `application/json` content-type and body with the following structure:

```json
{
    "user": <string>,
    "maxValiditySeconds": <integer>,

	Quorum *int `msgp:"omitempty"`
}

// ResponseCode is the response code for a locking request.
type ResponseCode uint8

// Response codes for a locking request.
const (
	RespOK ResponseCode = iota
	RespLockConflict
	RespLockNotInitialized
	RespLockNotFound
	RespErr
)

// LockResp is a locking request response.
type LockResp struct {
	Code ResponseCode
	Err  string

* Resolves an issue serving aggregated APIs backed by services that respond to requests to `/` with non-2xx HTTP responses ([#79895](https://github.com/kubernetes/kubernetes/pull/79895), [@deads2k](https://github.com/deads2k))

- Kube-apiserver: fixes a 1.32+ regression validating OIDC and anonymous authentication flags are mutually exclusive to authentication configuration. Fixes an issue where the kube-apiserver `/flagz` endpoint would not respond correctly with parsed flags value. ([#130332](https://github.com/kubernetes/kubernetes/pull/130332), [@richabanker](https://github.com/richabanker)) [SIG API Machinery and Testing]

* `expose_headers` - Indica cualquier header de response que debería ser accesible para el navegador. Por defecto es `[]`.
* `max_age` - Establece un tiempo máximo en segundos para que los navegadores almacenen en caché los responses CORS. Por defecto es `600`.

El middleware responde a dos tipos particulares de request HTTP...

### Requests de preflight CORS { #cors-preflight-requests }

#### Load Balancing

#### El tiempo de respuesta ayuda a los atacantes { #the-time-to-answer-helps-the-attackers }

  /**
   * Removes and returns the stream's received response headers, blocking if necessary until headers
   * have been received. If the returned list contains multiple blocks of headers the blocks will be
   * delimited by 'null'.
   *
   * @param callerIsIdle true if the caller isn't sending any more bytes until the peer responds.

* servir la aplicación
* servir la página

* la app
* la aplicación

* la request
* la response
* la response de error

* la path operation
* el decorador de path operation
* la path operation function

* el body
* el request body
* el response body
* el body JSON
* el body del formulario
* el body de archivo
* el cuerpo de la función

* el parámetro