These headers preserve information about the original request that would otherwise be lost:

* **X-Forwarded-For**: The original client's IP address
* **X-Forwarded-Proto**: The original protocol (`https`)
* **X-Forwarded-Host**: The original host (`mysuperapp.com`)

* If you can't understand the question, ask for more **details**.

### Reproduce the problem { #reproduce-the-problem }

For most of the cases and most of the questions there's something related to the person's **original code**.

In many cases they will only copy a fragment of the code, but that's not enough to **reproduce the problem**.

    @Test
    @DisplayName("Should add and retrieve context information")
    void testContextInformation() {
        // Given
        Map<String, Object> initialContext = new HashMap<>();
        initialContext.put("host", "server.example.com");
        initialContext.put("port", 445);

        exception = new SmbOperationException(SmbOperationException.ErrorCode.ACCESS_DENIED, "Permission denied", null,

 * [HTTP Public Key Pinning (HPKP)][rfc_7469] or SHA-1 base64 hashes as in Chromium's
 * [static certificates][static_certificates].
 *
 * ## Setting up Certificate Pinning
 *
 * The easiest way to pin a host is turn on pinning with a broken configuration and read the
 * expected configuration when the connection fails. Be sure to do this on a trusted network, and

OkHttp 3.x. You can use an OkHttp 4.x .jar file with applications or libraries built for OkHttp 3.x.

OkHttp is **not** source-compatible for Kotlin callers, but upgrading should be automatic thanks to
Kotlin’s powerful deprecation features. Most developers should be able to use IntelliJ’s _Code
Cleanup_ for a safe and fast upgrade.


Backwards-Incompatible Changes
------------------------------

#### OkHttpClient final methods

 *       add overloads that accept start and end indexes.
 *   <li>Can be streamed without "breaking the chain": {@code foo.getBarLongs().stream()...}.
 *   <li>Access to all collection-based utilities via {@link #asList} (though at the cost of
 *       allocating garbage).
 * </ul>
 *
 * <p>Disadvantages compared to {@code long[]}:
 *
 * <ul>
 *   <li>Memory footprint has a fixed overhead (about 24 bytes per instance).

 *       add overloads that accept start and end indexes.
 *   <li>Can be streamed without "breaking the chain": {@code foo.getBarInts().stream()...}.
 *   <li>Access to all collection-based utilities via {@link #asList} (though at the cost of
 *       allocating garbage).
 * </ul>
 *
 * <p>Disadvantages compared to {@code int[]}:
 *
 * <ul>
 *   <li>Memory footprint has a fixed overhead (about 24 bytes per instance).

    .sslSocketFactory(clientCertificates.sslSocketFactory(), clientCertificates.trustManager())
    .build();
```

Client Authentication
---------------------

The above scenario is representative of most TLS set ups: the client uses certificates to validate
the identity of a server. The converse is also possible. Here we create a server that authenticates
a client and a client that authenticates a server.

```java

  - [Changelog since v1.19.14](#changelog-since-v11914)
  - [Important Security Information](#important-security-information)
    - [CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access](#cve-2021-25741-symlink-exchange-can-allow-host-filesystem-access)
  - [Changes by Kind](#changes-by-kind-1)
    - [Bug or Regression](#bug-or-regression-1)
    - [Other (Cleanup or Flake)](#other-cleanup-or-flake)

    assertThat("http://host/a\u0000b".toHttpUrl().toUri())
      .isEqualTo(URI("http://host/a%00b"))
    assertThat("http://host/a\u0080b".toHttpUrl().toUri())
      .isEqualTo(URI("http://host/a%C2%80b"))
    assertThat("http://host/a\u009fb".toHttpUrl().toUri())
      .isEqualTo(URI("http://host/a%C2%9Fb"))
    // Percent-encoded in the query.
    assertThat("http://host/?a\u0000b".toHttpUrl().toUri())
      .isEqualTo(URI("http://host/?a%00b"))