"github.com/minio/pkg/v3/env"
)

var (
	// De-facto standard header keys.
	xForwardedFor    = http.CanonicalHeaderKey("X-Forwarded-For")
	xForwardedHost   = http.CanonicalHeaderKey("X-Forwarded-Host")
	xForwardedPort   = http.CanonicalHeaderKey("X-Forwarded-Port")
	xForwardedProto  = http.CanonicalHeaderKey("X-Forwarded-Proto")
	xForwardedScheme = http.CanonicalHeaderKey("X-Forwarded-Scheme")

 * as a single request/response exchange.
 *
 * ## Modern TLS
 *
 * There are trade-offs when selecting which options to include when negotiating a secure connection
 * to a remote host. Newer TLS options are quite useful:
 *
 *  * Server Name Indication (SNI) enables one IP address to negotiate secure connections for
 *    multiple domain names.
 *

  TF_Function* grad_func;
  DefineFunction("MyGrad", &grad_func);

  // Add func and its gradient to host graph
  TF_GraphCopyFunction(host_graph_, func_, grad_func, s_);
  ASSERT_EQ(TF_OK, TF_GetCode(s_)) << TF_Message(s_);

  // Verify that function and its grad are in host graph's GraphDef
  GraphDef gdef;
  GetGraphDef(host_graph_, &gdef);
  std::vector<std::string> func_names = GetFuncNames(gdef);

	hosts := make([]string, len(records))
	for i, r := range records {
		hosts[i] = net.JoinHostPort(r.Host, string(r.Port))
	}
	return hosts
}

// returns an online host (and corresponding port) from a slice of DNS records
func getHostFromSrv(records []dns.SrvRecord) (host string) {
	hosts := getHostsSlice(records)
	rng := rand.New(rand.NewSource(time.Now().UTC().UnixNano()))
	var d net.Dialer

        @CsvSource({ "'smb://user:password@server/share', 'smb://user:******@server/share'",
                "'smb://domain\\user:secret@host/path', 'smb://domain\\user:******@host/path'",
                "'smb2://admin:admin123@192.168.1.1/folder', 'smb2://admin:******@192.168.1.1/folder'",
                "'smbs://test:p@******@****.***/share', 'smbs://test:******@example.com/share'" })

```
export MINIO_IDENTITY_TLS_ENABLE=on
```

## Example

MinIO exposes a custom S3 STS API endpoint as `Action=AssumeRoleWithCertificate`. A client has to send an HTTP `POST` request to `https://<host>:<port>?Action=AssumeRoleWithCertificate&Version=2011-06-15`. Since the authentication and authorization happens via X.509 certificates the client has to send the request over **TLS** and has to provide
a client certificate.

假設你打造了一個在本機執行 AI 代理（AI agent）的方法。

它提供一個 API：

```
http://localhost:8000/v1/agents/multivac
```

同時也有一個前端：

```
http://localhost:8000
```

/// tip | 提示

請注意兩者的主機（host）相同。

///

接著你可以透過前端讓 AI 代理代你執行動作。

由於它在本機執行、而非公開的網際網路上，你決定不設定任何身分驗證，只信任對本機網路的存取。

然後你的某位使用者可能安裝並在本機執行它。

接著他可能打開一個惡意網站，例如：

```
https://evilhackers.example.com
```

            // For testing purposes, return this instance (allowed by return type)
            return this;
        }

        @Override
        public SSPContext createContext(CIFSContext tc, String targetDomain, String host, byte[] initialToken, boolean doSigning)
                throws SmbException {
            // Not used within these tests
            throw new SmbException("not used in tests");
        }

        @Override

                    return "cache";
                case FessConfig.INDEX_FIELD_DIGEST:
                    return "digest";
                case FessConfig.INDEX_FIELD_HOST:
                    return "host";
                case FessConfig.INDEX_FIELD_SITE:
                    return "site";
                case FessConfig.INDEX_FIELD_content_length:
                    return "content_length";

                    new ContentNotFoundException(urlQueue.getParentUrl(), url));
        }
    }

    /**
     * Stores a child URL in the crawling queue with duplicate host handling.
     * This method applies duplicate host conversion before storing the URL.
     *
     * @param childUrl the child URL to store
     * @param parentUrl the parent URL that referenced this child URL