// Check all CORS headers are present
        assertNotNull("Allow-Origin header should be set", responseHeaders.get("Access-Control-Allow-Origin"));
        assertNotNull("Allow-Methods header should be set", responseHeaders.get("Access-Control-Allow-Methods"));
        assertNotNull("Allow-Headers header should be set", responseHeaders.get("Access-Control-Allow-Headers"));

iam-assets/policies.json {"consoleAdmin":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["admin:*"]},{"Effect":"Allow","Action":["kms:*"]},{"Effect":"Allow","Action":["s3:*"],"Resource":["arn:aws:s3:::*"]}]},diagnostics":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["admin:ConsoleLog","admin:ServerInfo","admin:TopLocksInfo","admin:OBDInfo","admin:BandwidthMonitor","admin:Prometheus","admin:Profiling","admin:ServerTrace"],"Resource":["arn:aws:s3:::*"]}]},rea...

 * FILE_WRITE_DATA</code>) and the target file has the following security
 * descriptor ACEs:
 *
 * <pre>
 * Allow WNET\alice     0x001200A9  Direct
 * Allow Administrators 0x001F01FF  Inherited
 * Allow SYSTEM         0x001F01FF  Inherited
 * </pre>
 *
 * the access check would fail because the direct ACE has an access mask
 * of <code>0x001200A9</code> which doesn't have the

* `allow_origin_regex` - A regex string to match against origins that should be permitted to make cross-origin requests. e.g. `'https://.*\.example\.org'`.
* `allow_methods` - A list of HTTP methods that should be allowed for cross-origin requests. Defaults to `['GET']`. You can use `['*']` to allow all standard methods.

    public static final int FLAGS_INHERITED = 0x10;

    boolean allow;
    int flags;
    int access;
    SID sid;

    /**
     * Returns true if this ACE is an allow ACE and false if it is a deny ACE.
     * @return true if this is an allow ACE, false if it is a deny ACE
     */
    public boolean isAllow() {
        return allow;
    }

    /**

can make. We therefore encourage reporting security issues with the code
contained in this repository.

If you believe you have discovered a security vulnerability, please follow the

```

NOTE: `http://endpoint:port/path` is a placeholder value to indicate the URL format, please change this accordingly as per your configuration.

MinIO also honors environment variable for HTTP target logging as shown below, this setting will override the endpoint settings in the MinIO server config.

```
export MINIO_LOGGER_WEBHOOK_ENABLE_target1="on"
export MINIO_LOGGER_WEBHOOK_AUTH_TOKEN_target1="token"

    @BeforeEach
    void setUp() {
        ace = new ACE();
    }

    @Test
    @DisplayName("Test decode with allow ACE")
    void testDecodeAllowACE() throws Exception {
        // Prepare test data - Allow ACE
        testBuffer = new byte[100];
        testBuffer[0] = 0x00; // Allow ACE
        testBuffer[1] = 0x03; // FLAGS_OBJECT_INHERIT | FLAGS_CONTAINER_INHERIT
        testBuffer[2] = 0x20; // Size low byte (32)

      .build()

  @Test
  fun upgrade() {
    val socketHandler =
      MockSocketHandler()
        .apply {
          receiveRequest("client says hello\n")
          sendResponse("server says hello\n")
          receiveRequest("client says goodbye\n")
          sendResponse("server says goodbye\n")
          exhaustResponse()
          exhaustRequest()
        }

   |-->
  <servers>
    <!-- server
     | Specifies the authentication information to use when connecting to a particular server, identified by
     | a unique name within the system (referred to by the 'id' attribute below).
     |
     | NOTE: You should either specify username/password OR privateKey/passphrase, since these pairings are
     |       used together.
     |
    <server>
      <id>deploymentRepo</id>