browser = playwright.chromium.launch(headless=False)
    # Update the viewport manually
    context = browser.new_context(viewport={"width": 960, "height": 1080})
    page = context.new_page()
    page.goto("http://localhost:8000/docs")
    page.get_by_label("post /heroes/").click()
    # Manually add the screenshot
    page.screenshot(path="docs/en/docs/img/tutorial/sql-databases/image01.png")

    # ---------------------
    context.close()

        String url = (String) buildDefaultUrlMethod.invoke(authenticator, "/sso/metadata");

        // Verify URL uses default localhost:8080
        assertNotNull(url);
        assertEquals("http://localhost:8080/sso/metadata", url);
    }

    @Test
    public void test_buildDefaultUrl_withCustomBaseUrl() throws Exception {

  <Description>Full Text Search for Your Documents.</Description>
  <Tags>Full Text Search</Tags>
  <Contact>******@****.***</Contact>
  <SearchForm>http://localhost:8080/fess/</SearchForm>
  <Url type="text/html" template="http://localhost:8080/fess/search?q={searchTerms}"/>
  <InputEncoding>UTF-8</InputEncoding>
  <OutputEncoding>UTF-8</OutputEncoding>

    context = browser.new_context(viewport={"width": 960, "height": 1080})
    browser = playwright.chromium.launch(headless=False)
    context = browser.new_context()
    page = context.new_page()
    page.goto("http://localhost:8000/docs")
    page.get_by_role("button", name="GET /items/ Read Items").click()
    page.get_by_role("button", name="Try it out").click()
    page.get_by_role("heading", name="Servers").click()
    # Manually add the screenshot

### 3. Command-Line Import

**Using curl with bulk files**:

```bash
# Import GSA configuration
curl -X POST "http://localhost:8080/api/admin/backup/upload" \
  -u admin:admin \
  -F "file=@gsaconfig.xml"

# Import bulk documents
curl -X POST "http://localhost:8080/api/admin/backup/upload" \
  -u admin:admin \
  -F "file=@documents.bulk"
```

### 4. Direct Crawler Configuration

这种攻击主要在以下情况下相关：

- 应用在本地（如 `localhost`）或内网中运行
- 且应用没有任何认证，假定来自同一网络的请求都可信。

## 攻击示例 { #example-attack }

假设你构建了一个本地运行的 AI 代理。

它提供了一个 API，地址为

```
http://localhost:8000/v1/agents/multivac
```

另有一个前端，地址为

```
http://localhost:8000
```

/// tip | 提示

注意它们的主机相同。

///

之后，你可以通过前端让该 AI 代理替你执行操作。

由于它在本地运行、而非暴露在开放的互联网，你决定不配置任何认证，只信任对本地网络的访问。

于是，你的某位用户安装并在本地运行了它。

</div>

Python tarafından otomatik oluşturulan, dosyanızın içindeki `__name__` adlı dahili değişkenin değeri `"__main__"` string'i olur.

Dolayısıyla şu bölüm:

```Python
    uvicorn.run(app, host="0.0.0.0", port=8000)
```

çalışır.

---

Ancak modülü (dosyayı) import ederseniz bu gerçekleşmez.

Yani örneğin `importer.py` adında başka bir dosyanız var ve içinde şunlar bulunuyorsa:

```Python
from myapp import app

  <Description>Full Text Search for Your Documents.</Description>
  <Tags>Full Text Search</Tags>
  <Contact>******@****.***</Contact>
  <SearchForm>http://localhost:8080/fess/</SearchForm>
  <Url type="text/html" template="http://localhost:8080/fess/search?q={searchTerms}"/>
  <InputEncoding>UTF-8</InputEncoding>
  <OutputEncoding>UTF-8</OutputEncoding>

### Browser-Benutzeroberfläche

- Suchoberfläche: http://localhost:8080/

![Suchoberfläche](https://fess.codelibs.org/_images/fess_search_result1.png)

- Administrationsoberfläche: http://localhost:8080/admin/ (Standard-Benutzername/Passwort ist admin/admin)

![Administrationsoberfläche](https://fess.codelibs.org/_images/fess_admin_dashboard.png)

### 浏览器 UI

- 搜索 UI: http://localhost:8080/

![Search UI](https://fess.codelibs.org/_images/fess_search_result1.png)

- 管理 UI: http://localhost:8080/admin/ （默认用户名/密码为 admin/admin）

![Admin UI](https://fess.codelibs.org/_images/fess_admin_dashboard.png)