Guillaume Nodet <******@****.***> 1729859506 +0200

## Use `CORSMiddleware` { #use-corsmiddleware }

You can configure it in your **FastAPI** application using the `CORSMiddleware`.

* Import `CORSMiddleware`.
* Create a list of allowed origins (as strings).
* Add it as a "middleware" to your **FastAPI** application.

You can also specify whether your backend allows:

            assertTrue(e.getMessage().contains("not allowed"));
        }

        // Should allow other paths
        String allowed = validator.validatePath("\\share\\allowed\\file.txt");
        assertEquals("\\share\\allowed\\file.txt", allowed);
    }

    @Test
    public void testWhitelist() throws Exception {
        validator.addToWhitelist("\\share\\allowed");

        // Should allow whitelisted path

    }

    /**
     * Creates a custom filter that allows only the specified class patterns.
     * <p>
     * Patterns can be exact class names or use wildcards with '*' at the end.
     * For example: "com.example.*" allows all classes in the com.example package.
     * </p>
     *
     * @param allowedPatterns the patterns of classes to allow

        }

        /**
         * Checks if the given path is allowed according to this directive.
         * According to RFC 9309:
         * 1. Find the longest matching pattern (by priority length)
         * 2. If both Allow and Disallow patterns match with the same length, Allow takes precedence
         * 3. If no pattern matches, the path is allowed by default
         *
         * @param path the path to check

        // Normal authentication should be allowed
        assertTrue(rateLimiter.checkAttempt("user1", "192.168.1.1"), "First attempt should be allowed");

        // Record success
        rateLimiter.recordSuccess("user1", "192.168.1.1");

        // Should still be allowed
        assertTrue(rateLimiter.checkAttempt("user1", "192.168.1.1"), "After success should be allowed");
    }

    @Test

    }

    /**
     * CORS header for specifying allowed origin.
     */
    protected static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";

    /**
     * CORS header for specifying allowed headers.
     */
    protected static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";

    /**
     * CORS header for specifying allowed HTTP methods.
     */

	// ErrPreloadNotAllowed preload is not allowed when count is used
	ErrPreloadNotAllowed = errors.New("preload is not allowed when count is used")
	// ErrDuplicatedKey occurs when there is a unique key constraint violation
	ErrDuplicatedKey = errors.New("duplicated key not allowed")
	// ErrForeignKeyViolated occurs when there is a foreign key constraint violation

    }
    expectUnchanged();
  }

  @MapFeature.Require(absent = SUPPORTS_PUT)
  public void testReplaceEntry_unsupportedAbsentKey() {
    try {
      getMap().replace(k3(), v3(), v4());
    } catch (UnsupportedOperationException tolerated) {
      // the operation would be a no-op, so exceptions are allowed but not required
    }
    expectUnchanged();

    }
    expectUnchanged();
  }

  @MapFeature.Require(absent = SUPPORTS_PUT)
  public void testReplaceEntry_unsupportedAbsentKey() {
    try {
      getMap().replace(k3(), v3(), v4());
    } catch (UnsupportedOperationException tolerated) {
      // the operation would be a no-op, so exceptions are allowed but not required
    }
    expectUnchanged();