## Risco de CSRF { #csrf-risk }

Esse comportamento padrão oferece proteção contra uma classe de ataques de **Cross-Site Request Forgery (CSRF)** em um cenário muito específico.

Esses ataques exploram o fato de que navegadores permitem que scripts enviem requisições sem fazer qualquer verificação de preflight de CORS quando:

  /**
   * Returns the result of applying this predicate to {@code input} (Java 8+ users, see notes in the
   * class documentation above). This method is <i>generally expected</i>, but not absolutely
   * required, to have the following properties:
   *
   * <ul>
   *   <li>Its execution does not cause any observable side effects.
   *   <li>The computation is <i>consistent with equals</i>; that is, {@link Objects#equal

import org.junit.jupiter.params.provider.ValueSource;
import org.mockito.junit.jupiter.MockitoExtension;

/**
 * Unit tests for {@link SmbComLogoffAndX}.
 */
@ExtendWith(MockitoExtension.class)
class SmbComLogoffAndXTest {

    @Test
    @DisplayName("constructor accepts null andx")
    void constructorWithNullAndx() {
        SmbComLogoffAndX msg = new SmbComLogoffAndX(null);

      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.

    private static <T> T newImplementation(final Class<T> clazz, final String value) {
        try {
            return clazz.getConstructor(String.class).newInstance(value);
        } catch (final Exception e) {
            final Throwable cause = e instanceof InvocationTargetException ? e.getCause() : e;
            throw new IllegalArgumentException(String.format(CONVERSION_ERROR, value, clazz), cause);
        } catch (final LinkageError e) {

entities that control, are controlled by, or are under common control with 
that entity. For the purposes of this definition, "control" means (i) the 
power, direct or indirect, to cause the direction or management of such 
entity, whether by contract or otherwise, or (ii) ownership of fifty percent 
(50%) or more of the outstanding shares, or (iii) beneficial ownership of 
such entity. 

      Thread.State state = t.getState();
      switch (state) {
        case RUNNABLE:
        case BLOCKED:
          Thread.yield();
          break;
        case WAITING:
          return;
        default:
          throw new AssertionError("unexpected state: " + state);
      }
    }
  }

  abstract static class OldAbstractFuture<V> implements ListenableFuture<V> {

  }

  /** Test that giving a null 'safeChars' string causes a {@link NullPointerException}. */
  @SuppressWarnings("nullness") // test of a bogus call
  public void testBadArguments_null() {
    assertThrows(NullPointerException.class, () -> new PercentEscaper(null, false));
  }

  /**
   * Tests that specifying any alphanumeric characters as 'safe' causes an {@link
   * IllegalArgumentException}.
   */

///

{* ../../docs_src/security/tutorial005_an_py310.py hl[5,141,172] *}

/// info | Détails techniques

`Security` est en réalité une sous-classe de `Depends`, et elle n’a qu’un paramètre supplémentaire que nous verrons plus tard.

     *
     * @return the location of the problem, never {@code null}
     */
    @Nonnull
    String getLocation();

    /**
     * Gets the exception that caused this problem (if any).
     *
     * @return the exception that caused this problem or {@code null} if not applicable
     */
    @Nullable
    Exception getException();

    /**
     * Gets the message that describes this problem.
     *