* elements, including {@code null}, are permitted.
 *
 * <p>{@code contains(x)}, {@code add(x)} and {@code remove(x)}, are all (expected and amortized)
 * constant time operations. Expected in the hashtable sense (depends on the hash function doing a
 * good job of distributing the elements to the buckets to a distribution not far from uniform), and

    void connectLogon_invocation_isForwarded() throws Exception {
        // Act
        tree.connectLogon(context);

        // Assert - verify interaction with dependency
        verify(tree, times(1)).connectLogon(context);
        verify(tree, never()).close();
    }

    @Test
    @DisplayName("connectLogon accepts null context but still invokes")
    void connectLogon_withNull_isInvoked() throws Exception {
        // Act

 *     possible for shared exchanges to make requests to different host names! See
 *     [RealConnection.isEligible] for details.
 *
 *  3. Attempt plans from prior connect attempts for this call. These occur as either follow-ups to
 *     failed connect attempts (such as trying the next [ConnectionSpec]), or as attempts that lost
 *     a race in fast follow-up.
 *

            // ## Assert ##
            assertEquals(500, response.getHttpStatusCode());
            String content = response.getContentAsString();
            assertEquals("", content);
        }
    }

    // --- Error stream with content tests ---

    /**
     * Mock HttpURLConnection that returns error body from getErrorStream().
     */

    Object[] copyTo = new Object[size];
    arraycopy(queue, 0, copyTo, 0, size);
    return copyTo;
  }

  /**
   * Returns the comparator used to order the elements in this queue. Obeys the general contract of
   * {@link PriorityQueue#comparator}, but returns {@link Ordering#natural} instead of {@code null}
   * to indicate natural ordering.
   */
  public Comparator<? super E> comparator() {
    return minHeap.ordering;

    Object[] copyTo = new Object[size];
    arraycopy(queue, 0, copyTo, 0, size);
    return copyTo;
  }

  /**
   * Returns the comparator used to order the elements in this queue. Obeys the general contract of
   * {@link PriorityQueue#comparator}, but returns {@link Ordering#natural} instead of {@code null}
   * to indicate natural ordering.
   */
  public Comparator<? super E> comparator() {
    return minHeap.ordering;

# Strict Content-Type Checking { #strict-content-type-checking }

By default, **FastAPI** uses strict `Content-Type` header checking for JSON request bodies, this means that JSON requests **must** include a valid `Content-Type` header (e.g. `application/json`) in order for the body to be parsed as JSON.

## CSRF Risk { #csrf-risk }

This default behavior provides protection against a class of **Cross-Site Request Forgery (CSRF)** attacks in a very specific scenario.

# Strikte Content-Type-Prüfung { #strict-content-type-checking }

Standardmäßig verwendet **FastAPI** eine strikte Prüfung des `Content-Type`-Headers für JSON-Requestbodys. Das bedeutet, dass JSON-Requests einen gültigen `Content-Type`-Header (z. B. `application/json`) enthalten MÜSSEN, damit der Body als JSON geparst wird.

## CSRF-Risiko { #csrf-risk }

# 엄격한 Content-Type 확인 { #strict-content-type-checking }

기본적으로 **FastAPI**는 JSON 요청 본문에 대해 엄격한 `Content-Type` 헤더 검사를 사용합니다. 이는 JSON 요청의 본문을 JSON으로 파싱하려면 유효한 `Content-Type` 헤더(예: `application/json`)를 반드시 포함해야 함을 의미합니다.

## CSRF 위험 { #csrf-risk }

이 기본 동작은 매우 특정한 시나리오에서 **Cross-Site Request Forgery (CSRF)** 공격의 한 유형에 대한 보호를 제공합니다.

이러한 공격은 브라우저가 다음과 같은 경우 CORS 사전 요청(preflight) 검사를 수행하지 않고 스크립트가 요청을 보내도록 허용한다는 점을 악용합니다:

# Content-Type の厳格チェック { #strict-content-type-checking }

既定では、FastAPI は JSON リクエストボディに対して厳格な `Content-Type` ヘッダーのチェックを行います。つまり、JSON のリクエストを JSON として解析するには、有効な `Content-Type` ヘッダー（例: `application/json`）を必ず含める必要があります。

## CSRF のリスク { #csrf-risk }

この既定の挙動は、ある特定の状況における Cross-Site Request Forgery（CSRF）攻撃の一種に対する保護を提供します。

これらの攻撃は、次の条件を満たすときにブラウザが CORS のプリフライトチェックを行わずにスクリプトからリクエストを送信できる事実を悪用します。

- `Content-Type` ヘッダーがない（例: `Blob` をボディにして `fetch()` を使う）