## Use `CORSMiddleware` { #use-corsmiddleware }

You can configure it in your **FastAPI** application using the `CORSMiddleware`.

* Import `CORSMiddleware`.
* Create a list of allowed origins (as strings).
* Add it as a "middleware" to your **FastAPI** application.

You can also specify whether your backend allows:

    }

    /**
     * Creates a custom filter that allows only the specified class patterns.
     * <p>
     * Patterns can be exact class names or use wildcards with '*' at the end.
     * For example: "com.example.*" allows all classes in the com.example package.
     * </p>
     *
     * @param allowedPatterns the patterns of classes to allow

        }

        /**
         * Checks if the given path is allowed according to this directive.
         * According to RFC 9309:
         * 1. Find the longest matching pattern (by priority length)
         * 2. If both Allow and Disallow patterns match with the same length, Allow takes precedence
         * 3. If no pattern matches, the path is allowed by default
         *
         * @param path the path to check

    allow_inf_nan: Annotated[
        Union[bool, None],
        Doc(
            """
            Allow `inf`, `-inf`, `nan`. Only applicable to numbers.
            """
        ),
    ] = _Unset,
    max_digits: Annotated[
        Union[int, None],
        Doc(
            """
            Maximum number of allow digits for strings.
            """
        ),
    ] = _Unset,
    decimal_places: Annotated[

        }
        return true;
    }

    /**
     * Checks if the given value matches any of the specified protocols.
     *
     * @param protocols the allowed protocols
     * @param value the URI string to validate
     * @return true if the value matches allowed protocols, false otherwise
     */
    protected static boolean check(final String[] protocols, final String value) {
        final String[] paths = value.split("[\r\n]");

        // Test allows method when no directives are set
        RobotsTxt robotsTxt = new RobotsTxt();

        // Should return true when no directives match
        assertTrue(robotsTxt.allows("/path", "MyBot"));
        assertTrue(robotsTxt.allows("/admin", "GoogleBot"));
    }

    public void test_allowsWithAllowedPath() {
        // Test allows method with allowed path

   * @throws IndexOutOfBoundsException if either index is negative, {@code rowIndex} is greater than
   *     or equal to the number of allowed row keys, or {@code columnIndex} is greater than or equal
   *     to the number of allowed column keys
   */
  public @Nullable V at(int rowIndex, int columnIndex) {
    // In GWT array access never throws IndexOutOfBoundsException.

    public void testIsPathSafe_SafePath() throws Exception {
        final Path baseDir = tempFolder.getRoot().toPath();
        final Path safePath = baseDir.resolve("subdir/file.txt");

        assertTrue("Safe path should be allowed", FileUtil.isPathSafe(safePath, baseDir));
    }

    /**
     * Test isPathSafe with path traversal attempt
     *
     * @throws Exception
     */
    @Test

    /**
     * Sets the fields that are allowed in API responses.
     *
     * @param fields array of field names that are allowed in API responses
     */
    public void setApiResponseFields(final String[] fields) {
        apiResponseFieldSet = new HashSet<>();
        Collections.addAll(apiResponseFieldSet, fields);
    }

    /**
     * Checks if the specified field is allowed in API responses.
     *

The following arguments are supported:

* `allowed_hosts` - A list of domain names that should be allowed as hostnames. Wildcard domains such as `*.example.com` are supported for matching subdomains. To allow any hostname either use `allowed_hosts=["*"]` or omit the middleware.
* `www_redirect` - If set to True, requests to non-www versions of the allowed hosts will be redirected to their www counterparts. Defaults to `True`.