-->

## Introduction {#intro}

Go's emphasis on backwards compatibility is one of its key strengths.
There are, however, times when we cannot maintain complete compatibility.
If code depends on buggy (including insecure) behavior,
then fixing the bug will break that code.
New features can also have similar impacts:
enabling the HTTP/2 use by the HTTP client broke programs
connecting to servers with buggy HTTP/2 implementations.

                httpClientBuilder.setSSLContext(sslContext);
                logger.warn(
                        "SSL certificate validation is disabled. This configuration is insecure and should only be used in development/testing environments.");
                return new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
            } catch (final Exception e) {

                // SECURITY WARNING: Unsecure basic authentication is enabled by default.
                // This sends credentials in Base64 encoding over potentially unencrypted connections.
                // For production, it is STRONGLY RECOMMENDED to set spnego.allow.unsecure.basic to false
                // and use HTTPS or more secure authentication methods.

            final String forwardedProto = request.getHeader("X-Forwarded-Proto");
            if ("https".equalsIgnoreCase(forwardedProto)) {
                return true;
            }
            return request.isSecure();
        }
        return Constants.TRUE.equalsIgnoreCase(secure);
    }

    /**
     * Interface for rewriting search request parameters.
     *

  - 🤖 An automatically generated frontend client.
  - 🧪 [Playwright](https://playwright.dev) for End-to-End testing.
  - 🦇 Dark mode support.
- 🐋 [Docker Compose](https://www.docker.com) for development and production.
- 🔒 Secure password hashing by default.
- 🔑 JWT (JSON Web Token) authentication.
- 📫 Email based password recovery.
- ✅ Tests with [Pytest](https://pytest.org).
- 📞 [Traefik](https://traefik.io) as a reverse proxy / load balancer.

If you want to secure your API, there are several better things you can do, for example:

* Make sure you have well defined Pydantic models for your request bodies and responses.
* Configure any required permissions and roles using dependencies.

    title: Auth, user management and more for your B2B product
    img: https://fastapi.tiangolo.com/img/sponsors/propelauth.png
  - url: https://zuplo.link/fastapi-gh
    title: 'Zuplo: Deploy, Secure, Document, and Monetize your FastAPI'
    img: https://fastapi.tiangolo.com/img/sponsors/zuplo.png
  - url: https://liblab.com?utm_source=fastapi
    title: liblab - Generate SDKs from FastAPI

     */
    protected InputStream bodyStream;

    /**
     * The compression type for the request.
     */
    protected String compression = null;

    /**
     * The SSL socket factory for secure connections.
     */
    protected SSLSocketFactory sslSocketFactory = null;

    /**
     * The thread pool for executing the request.
     */
    protected ForkJoinPool threadPool;

    /**

///

## `HTTPSRedirectMiddleware` { #httpsredirectmiddleware }

Enforces that all incoming requests must either be `https` or `wss`.

Any incoming request to `http` or `ws` will be redirected to the secure scheme instead.

{* ../../docs_src/advanced_middleware/tutorial001_py39.py hl[2,6] *}

## `TrustedHostMiddleware` { #trustedhostmiddleware }

 * [CWAC-NetSecurity](https://github.com/commonsguy/cwac-netsecurity): Simplifying Secure Internet Access.
 * [Failsafe](https://failsafe.dev/okhttp/): Fault tolerance and resilience patterns.
 * [Flipper](https://fbflipper.com/): A desktop debugging platform for mobile developers.