## Parámetros de query requeridos

Cuando declaras un valor por defecto para parámetros que no son de path (por ahora, solo hemos visto parámetros de query), entonces no es requerido.

Si no quieres agregar un valor específico pero solo hacer que sea opcional, establece el valor por defecto como `None`.

Pero cuando quieres hacer un parámetro de query requerido, simplemente no declares ningún valor por defecto:

La *path operation* en sí también declara un scope, `"items"`, por lo que esto también estará en la lista de `security_scopes.scopes` pasado a `get_current_user`.

Así es como se ve la jerarquía de dependencias y scopes:

* La *path operation* `read_own_items` tiene:
    * Scopes requeridos `["items"]` con la dependencia:

* Para requests `PUT` a `/items/{item_id}`, leerá el body como JSON:
    * Comprobará que tiene un atributo requerido `name` que debe ser un `str`.
    * Comprobará que tiene un atributo requerido `price` que debe ser un `float`.
    * Comprobará que tiene un atributo opcional `is_offer`, que debe ser un `bool`, si está presente.

    * A Python `datetime.datetime`.
    * In requests and responses will be represented as a `str` in ISO 8601 format, like: `2008-09-15T15:53:00+05:00`.
* `datetime.date`:
    * Python `datetime.date`.
    * In requests and responses will be represented as a `str` in ISO 8601 format, like: `2008-09-15`.
* `datetime.time`:
    * A Python `datetime.time`.

The same way, you can define logic (code) that should be executed when the application is **shutting down**. In this case, this code will be executed **once**, **after** having handled possibly **many requests**.

        return bytesReceived.get();
    }

    /**
     * Get number of requests sent
     *
     * @return requests sent
     */
    public long getRequestsSent() {
        return requestsSent.get();
    }

    /**
     * Get number of requests received
     *
     * @return requests received
     */
    public long getRequestsReceived() {
        return requestsReceived.get();

            executor.shutdown();

            // Some requests should be rejected due to backpressure
            assertTrue(rejectedCount.get() > 0, "Some requests should be rejected by backpressure");
            assertTrue(successCount.get() > 0, "Some requests should succeed");
            assertEquals(5, rejectedCount.get() + successCount.get(), "Total should be 5");

being sent with the **HTTP protocol**.

It is a common practice to have **one program/HTTP server** running on the server (the machine, host, etc.) and **managing all the HTTPS parts**: receiving the **encrypted HTTPS requests**, sending the **decrypted HTTP requests** to the actual HTTP application running in the same server (the **FastAPI** application, in this case), take the **HTTP response** from the application, **encrypt it** using the appropriate **HTTPS certificate** and sending it...

### CORS preflight requests { #cors-preflight-requests }

These are any `OPTIONS` request with `Origin` and `Access-Control-Request-Method` headers.

In this case the middleware will intercept the incoming request and respond with appropriate CORS headers, and either a `200` or `400` response for informational purposes.

### Simple requests { #simple-requests }

Enforces that all incoming requests must either be `https` or `wss`.

Any incoming request to `http` or `ws` will be redirected to the secure scheme instead.

{* ../../docs_src/advanced_middleware/tutorial001.py hl[2,6] *}

## `TrustedHostMiddleware` { #trustedhostmiddleware }

Enforces that all incoming requests have a correctly set `Host` header, in order to guard against HTTP Host Header attacks.