## Use `CORSMiddleware` { #use-corsmiddleware }

You can configure it in your **FastAPI** application using the `CORSMiddleware`.

* Import `CORSMiddleware`.
* Create a list of allowed origins (as strings).
* Add it as a "middleware" to your **FastAPI** application.

You can also specify whether your backend allows:

    allow_inf_nan: Annotated[
        bool | None,
        Doc(
            """
            Allow `inf`, `-inf`, `nan`. Only applicable to numbers.
            """
        ),
    ] = _Unset,
    max_digits: Annotated[
        int | None,
        Doc(
            """
            Maximum number of digits allowed for decimal values.
            """
        ),
    ] = _Unset,
    decimal_places: Annotated[

    }

    /**
     * Creates a custom filter that allows only the specified class patterns.
     * <p>
     * Patterns can be exact class names or use wildcards with '*' at the end.
     * For example: "com.example.*" allows all classes in the com.example package.
     * </p>
     *
     * @param allowedPatterns the patterns of classes to allow

   * @throws IndexOutOfBoundsException if either index is negative, {@code rowIndex} is greater than
   *     or equal to the number of allowed row keys, or {@code columnIndex} is greater than or equal
   *     to the number of allowed column keys
   */
  public @Nullable V at(int rowIndex, int columnIndex) {
    // In GWT array access never throws IndexOutOfBoundsException.

The following arguments are supported:

* `allowed_hosts` - A list of domain names that should be allowed as hostnames. Wildcard domains such as `*.example.com` are supported for matching subdomains. To allow any hostname either use `allowed_hosts=["*"]` or omit the middleware.
* `www_redirect` - If set to True, requests to non-www versions of the allowed hosts will be redirected to their www counterparts. Defaults to `True`.

    assertEquals(2, factory2.newThread(monitoredRunnable).getPriority());
  }

  public void testBuildTwice() {
    ThreadFactory unused;
    unused = builder.build(); // this is allowed
    unused = builder.build(); // this is *also* allowed
  }

  public void testBuildMutate() {
    ThreadFactory factory1 = builder.setPriority(1).build();
    assertEquals(1, factory1.newThread(monitoredRunnable).getPriority());

                        isAllowed = true;
                        break;
                    }
                }
            }
            if (!allowedPaths.isEmpty() && !isAllowed) {
                throw new IllegalArgumentException(
                        "File path is outside allowed directory: path=" + canonicalPath + ", allowed=" + allowedPaths);
            }

    assertEquals(2, factory2.newThread(monitoredRunnable).getPriority());
  }

  public void testBuildTwice() {
    ThreadFactory unused;
    unused = builder.build(); // this is allowed
    unused = builder.build(); // this is *also* allowed
  }

  public void testBuildMutate() {
    ThreadFactory factory1 = builder.setPriority(1).build();
    assertEquals(1, factory1.newThread(monitoredRunnable).getPriority());

For example, if the client tries to send the form fields:

* `username`: `Rick`
* `password`: `Portal Gun`
* `extra`: `Mr. Poopybutthole`

They will receive an error response telling them that the field `extra` is not allowed:

```json
{
    "detail": [
        {
            "type": "extra_forbidden",
            "loc": ["body", "extra"],
            "msg": "Extra inputs are not permitted",
            "input": "Mr. Poopybutthole"

    private static final String ADMIN_SERVER = "/admin/server_";

    private static final Logger logger = LogManager.getLogger(SearchEngineApiManager.class);

    /** Roles that are allowed to access the search engine API */
    protected String[] acceptedRoles = { "admin" };

    /**
     * Default constructor.
     * Initializes the API manager with the admin server path prefix.
     */