//	    modify the user-agent.
//
//	Authorization:
//
//	    Is skipped for obvious reasons
var ignoredHeaders = map[string]bool{
	"Authorization": true,
	"User-Agent":    true,
}

// Headers to ignore in streaming v4
var ignoredStreamingHeaders = map[string]bool{
	"Authorization": true,
	"Content-Type":  true,
	"Content-Md5":   true,
	"User-Agent":    true,
}

### Action (Controller)
- Hierarchy: `TypicalAction` → `FessBaseAction` → `FessAdminAction`/`FessSearchAction`
- `@Execute` marks web endpoints
- `@Resource` for DI
- `@Secured({ "role", "role-view" })` for authorization
- Return `HtmlResponse` for JSP, `JsonResponse` for APIs

### Service
- Inject behaviors (Bhv) for data access
- Use `OptionalEntity<T>` for nullable returns
- Plain classes (no extends/implements)

    httpx_timeout: int = 30


def get_graphql_response(
    *,
    settings: Settings,
    query: str,
    after: str | None = None,
) -> dict[str, Any]:
    headers = {"Authorization": f"token {settings.github_token.get_secret_value()}"}
    variables = {"after": after}
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,

      Header("accept-language", ""),
      Header("accept-ranges", ""),
      Header("accept", ""),
      Header("access-control-allow-origin", ""),
      Header("age", ""),
      Header("allow", ""),
      Header("authorization", ""),
      Header("cache-control", ""),
      Header("content-disposition", ""),
      Header("content-encoding", ""),
      Header("content-language", ""),
      Header("content-length", ""),

#### Node Authorization

        Address dc;
        final boolean offerBasic = this.enableBasic && (this.insecureBasic || request.isSecure());
        final String msg = request.getHeader("Authorization");
        if (msg != null && (msg.startsWith("NTLM ") || offerBasic && msg.startsWith("Basic "))) {
            if (this.loadBalance) {

		// Test case - 2.
		// Test case with no sign v4 Algorithm prefix.
		// A valid authorization string should begin(prefix)
		{
			inputV4AuthStr:    "no-singv4AlgorithmPrefix",
			expectedAuthField: signValues{},
			expectedErrCode:   ErrSignatureVersionNotSupported,
		},
		// Test case - 3.
		// Test case with missing fields.
		// A valid authorization string should have 3 fields.
		{
			inputV4AuthStr:    signV4Algorithm,

func calculateSeedSignature(r *http.Request, trailers bool) (cred auth.Credentials, signature string, region string, date time.Time, errCode APIErrorCode) {
	// Copy request.
	req := *r

	// Save authorization header.
	v4Auth := req.Header.Get(xhttp.Authorization)

	// Parse signature version '4' header.
	signV4Values, errCode := parseSignV4(v4Auth, globalSite.Region(), serviceS3)
	if errCode != ErrNone {

    assertThat(response.body.string()).isEqualTo("Successful auth!")
    val denied = server.takeRequest()
    assertThat(denied.headers["Authorization"]).isNull()
    val accepted = server.takeRequest()
    assertThat(accepted.requestLine).isEqualTo("GET / HTTP/2")
    assertThat(accepted.headers["Authorization"]).isEqualTo(credential)
  }

  @Test
  fun redirect() {
    server.enqueue(
      MockResponse(

        UniAddress dc;
        final boolean offerBasic = enableBasic && (insecureBasic || request.isSecure());
        final String msg = request.getHeader("Authorization");
        if (msg != null && (msg.startsWith("NTLM ") || offerBasic && msg.startsWith("Basic "))) {
            if (loadBalance) {
                dc = new UniAddress(NbtAddress.getByName(domainController, 0x1C, null));