## More info { #more-info }

For more info about <abbr title="Cross-Origin Resource Sharing">CORS</abbr>, check the <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS" class="external-link" target="_blank">Mozilla CORS documentation</a>.

/// note | Technical Details

You could also use `from starlette.middleware.cors import CORSMiddleware`.

Agora vamos revisar essas mudanças passo a passo.

## Esquema de segurança OAuth2

A primeira mudança é que agora nós estamos declarando o esquema de segurança OAuth2 com dois escopos disponíveis, `me` e `items`.

O parâmetro `scopes` recebe um `dict` contendo cada escopo como chave e a descrição como valor:

{* ../../docs_src/security/tutorial005_an_py310.py hl[63:66] *}

 * governing permissions and limitations under the License.
 */
package org.codelibs.fess.cors;

import java.util.HashMap;
import java.util.Map;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/**
 * Factory for managing CORS handlers based on origin.
 * Maintains a registry of CORS handlers for different origins and provides lookup functionality.
 */
public class CorsHandlerFactory {

 * governing permissions and limitations under the License.
 */
package org.codelibs.fess.cors;

import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;

/**
 * Abstract base class for handling CORS (Cross-Origin Resource Sharing) requests.
 * Provides common CORS header constants and defines the processing interface.
 */
public abstract class CorsHandler {

    /**

import java.io.IOException;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.codelibs.core.lang.StringUtil;
import org.codelibs.fess.cors.CorsHandler;
import org.codelibs.fess.cors.CorsHandlerFactory;
import org.codelibs.fess.util.ComponentUtil;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;

 * and applies standard CORS headers based on the application configuration.
 */
public class DefaultCorsHandler extends CorsHandler {

    /**
     * Creates a new instance of DefaultCorsHandler.
     * This constructor initializes the default CORS handler for applying
     * standard CORS headers based on application configuration.
     */
    public DefaultCorsHandler() {
        super();

have custom headers that you want a client in a browser to be able to see, you need to add them to your CORS configurations (read more in [CORS (Cross-Origin Resource Sharing)](../tutorial/cors.md){.internal-link target=_blank}), using the parameter `expose_headers` documented in <a href="https://www.starlette.io/middleware/#corsmiddleware" class="external-link" target="_blank">Starlette's CORS docs</a>....

---

## **Typer**, das FastAPI der CLIs

<a href="https://typer.tiangolo.com" target="_blank"><img src="https://typer.tiangolo.com/img/logo-margin/logo-margin-vector.svg" style="width: 20%;"></a>

In the main tutorial you read how to add [Custom Middleware](../tutorial/middleware.md){.internal-link target=_blank} to your application.

And then you also read how to handle [CORS with the `CORSMiddleware`](../tutorial/cors.md){.internal-link target=_blank}.

In this section we'll see how to use other middlewares.

## Adding ASGI middlewares { #adding-asgi-middlewares }

But if you have custom headers that you want a client in a browser to be able to see, you need to add them to your CORS configurations ([CORS (Cross-Origin Resource Sharing)](cors.md){.internal-link target=_blank}) using the parameter `expose_headers` documented in <a href="https://www.starlette.io/middleware/#corsmiddleware" class="external-link" target="_blank">Starlette's CORS docs</a>.

///

/// note | Technical Details