api.search.accept.referers=
# Whether to enable scroll for API search.
api.search.scroll=false
# Headers for API JSON response.
api.json.response.headers=Referrer-Policy:strict-origin-when-cross-origin
# Whether to include exceptions in API JSON response.
api.json.response.exception.included=false
# Headers for API GSA response.
api.gsa.response.headers=Referrer-Policy:strict-origin-when-cross-origin
# Whether to include exceptions in API GSA response.

	</button>
</div>
<div class="offcanvas offcanvas-end d-md-none" tabindex="-1" id="facetOffcanvas" aria-labelledby="facetOffcanvasLabel">
	<div class="offcanvas-header">
		<h5 class="offcanvas-title" id="facetOffcanvasLabel"><la:message key="labels.facet_filter_button" /></h5>
		<button type="button" class="btn-close" data-bs-dismiss="offcanvas" aria-label="Close"></button>
	</div>

	defer cancel()

	req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, bytes.NewReader(buf))
	if err != nil {
		return err
	}

	if token != "" {
		req.Header.Set("Authorization", token)
	}
	req.Header.Set("Content-Type", "application/json")

	clnt := http.Client{Transport: getRemoteInstanceTransport()}
	resp, err := clnt.Do(req)
	if err != nil {
		return err
	}

<img src="/img/tutorial/security/image10.png">

/// note

Notice the header `Authorization`, with a value that starts with `Bearer `.

///

## Advanced usage with `scopes` { #advanced-usage-with-scopes }

OAuth2 has the notion of "scopes".

    val c = this[i]
    // The WHATWG Host parsing rules accepts some character codes which are invalid by
    // definition for OkHttp's host header checks (and the WHATWG Host syntax definition). Here
    // we rule out characters that would cause problems in host headers.
    if (c <= '\u001f' || c >= '\u007f') {
      return true
    }
    // Check for the characters mentioned in the WHATWG Host parsing spec:

        final int avPairsLength = avPairs != null ? avPairs.length : 0;
        final byte[] temp = new byte[28 + avPairsLength + 4];

        Encdec.enc_uint32le(0x00000101, temp, 0); // Header
        Encdec.enc_uint32le(0x00000000, temp, 4); // Reserved
        Encdec.enc_uint64le(nanos1601, temp, 8);
        System.arraycopy(clientChallenge, 0, temp, 16, 8);

					<charset>UTF-8</charset>
					<locale>en_US</locale>
					<windowtitle>Open Source Enterprise Search: Fess API</windowtitle>
					<header>&lt;a href="https://fess.codelibs.org/" target="_blank"&gt;Enterprise Search Server: Fess&lt;/a&gt;</header>
					<excludePackageNames>
						org.codelibs.fess.mylasta.*,
						org.codelibs.fess.opensearch.config.*,
						org.codelibs.fess.opensearch.common.*,

It keeps the function signatures working in other contexts, respects the types, allows reusability.

### In Parameter Declarations

Use `Annotated` for parameter declarations, including `Path`, `Query`, `Header`, etc.:

```python
from typing import Annotated

from fastapi import FastAPI, Path, Query

app = FastAPI()


@app.get("/items/{item_id}")
async def read_item(

            byte[] buffer = new byte[100];

            // Act
            int encodedSize = context.encode(buffer, 0);

            // Assert
            assertEquals(4, encodedSize); // Only header size
            assertEquals(0, buffer[0]); // hash algo count
            assertEquals(0, buffer[1]);
            assertEquals(0, buffer[2]); // salt length
            assertEquals(0, buffer[3]);
        }

pkg archive/tar, type Format int
pkg archive/tar, type Header struct, Format Format
pkg archive/tar, type Header struct, PAXRecords map[string]string
pkg archive/zip, method (*Writer) SetComment(string) error
pkg archive/zip, type FileHeader struct, Modified time.Time
pkg archive/zip, type FileHeader struct, NonUTF8 bool
pkg bufio, method (*Reader) Size() int
pkg bufio, method (*Writer) Size() int