## Pin your `fastapi` version { #pin-your-fastapi-version }

The first thing you should do is to "pin" the version of **FastAPI** you are using to the specific latest version that you know works correctly for your application.

For example, let's say you are using version `0.112.0` in your app.

You will see the automatic API docs for the sub-application, including only its own _path operations_, all under the correct sub-path prefix `/subapi`:

<img src="/img/tutorial/sub-applications/image02.png">

If you try interacting with any of the two user interfaces, they will work correctly, because the browser will be able to talk to each specific app or sub-app.

### Technical Details: `root_path` { #technical-details-root-path }

        assertEquals(SmbOperationException.ErrorCategory.NETWORK, exception.getErrorCategory());
        assertTrue(exception.isRetryable());
    }

    @Test
    @DisplayName("Should handle retry policy correctly")
    void testRetryPolicy() {
        // Given
        SmbOperationException.RetryPolicy policy = new SmbOperationException.RetryPolicy(3, 1000, 10000, 2.0, true);

        }

        @Test
        @DisplayName("Should handle offset correctly")
        void testSignWithOffset() {
            byte[] largeData = new byte[256];
            int offset = 64;
            Arrays.fill(largeData, (byte) 0x00);

            digest.sign(largeData, offset, 128, request, response);

            // Verify signature is placed at correct location

{* ../../docs_src/advanced_middleware/tutorial001.py hl[2,6] *}

## `TrustedHostMiddleware` { #trustedhostmiddleware }

Enforces that all incoming requests have a correctly set `Host` header, in order to guard against HTTP Host Header attacks.

{* ../../docs_src/advanced_middleware/tutorial002.py hl[2,6:8] *}

The following arguments are supported:

## Wildcards { #wildcards }

It's also possible to declare the list as `"*"` (a "wildcard") to say that all are allowed.

But that will only allow certain types of communication, excluding everything that involves credentials: Cookies, Authorization headers like those used with Bearer Tokens, etc.

So, for everything to work correctly, it's better to specify explicitly the allowed origins.

This is something that you have to do yourself in your code, and make sure you use those JSON keys.

It's almost the only thing that you have to remember to do correctly yourself, to be compliant with the specifications.

For the rest, **FastAPI** handles it for you.

///

## Update the dependencies { #update-the-dependencies }

        assertEquals("NODE_AVAILABLE", WitnessEventType.NODE_AVAILABLE.toString());
    }

    @Test
    void testEnumValueOf() {
        // Test that valueOf works correctly
        assertEquals(WitnessServiceType.CLUSTER_WITNESS, WitnessServiceType.valueOf("CLUSTER_WITNESS"));
        assertEquals(WitnessServiceType.FILE_SERVER_WITNESS, WitnessServiceType.valueOf("FILE_SERVER_WITNESS"));

You can write <a href="https://en.wikipedia.org/wiki/Markdown" class="external-link" target="_blank">Markdown</a> in the docstring, it will be interpreted and displayed correctly (taking into account docstring indentation).

{* ../../docs_src/path_operation_configuration/tutorial004_py310.py hl[17:25] *}

It will be used in the interactive docs:

        SMBUtil.writeInt2(65535, buffer2, 58);

        // Test should detect buffer overflow (this is working correctly!)
        SMBProtocolDecodingException exception = assertThrows(SMBProtocolDecodingException.class, () -> {
            response.readBytesWireFormat(buffer, 0);
        });

        // The validation correctly detects when buffer extends beyond available data