assert response.json() == {"detail": "Not authenticated"}


def test_security_http_basic_non_basic_credentials(client: TestClient):
    payload = b64encode(b"johnsecret").decode("ascii")
    auth_header = f"Basic {payload}"
    response = client.get("/users/me", headers={"Authorization": auth_header})
    assert response.status_code == 401, response.text

    return ItemOut(name=item.name, value=item.value, dep=dep)


@app.post("/sync/large-receive")
def sync_large_receive(payload: LargeIn):
    return {"received": len(payload.items)}


@app.post("/async/large-receive")
async def async_large_receive(payload: LargeIn):
    return {"received": len(payload.items)}


@app.get("/sync/large-dict-no-response-model")
def sync_large_dict_no_response_model():

* «the query parameter»: «der Query-Parameter»
* «the cookie parameter»: «der Cookie-Parameter»
* «the header parameter»: «der Header-Parameter»
* «the form parameter»: «der Formular-Parameter»
* «the payload»: «die Payload»
* «the performance»: NOT «die Performance»
* «the query»: «die Query»
* «the recap»: «die Zusammenfassung»
* «the request» (what the client sends to the server): «der Request»

Dann verwenden wir den Request direkt und extrahieren den Body als `bytes`. Das bedeutet, dass FastAPI nicht einmal versucht, die Request-Payload als JSON zu parsen.

Und dann parsen wir in unserem Code diesen YAML-Inhalt direkt und verwenden dann wieder dasselbe Pydantic-Modell, um den YAML-Inhalt zu validieren:

This change fixes a [CSRF](https://en.wikipedia.org/wiki/Cross-site_request_forgery) security vulnerability when using cookies for authentication in path operations with JSON payloads sent by browsers.

In versions lower than `0.65.2`, FastAPI would try to read the request payload as JSON even if the `content-type` header sent was not set to `application/json` or a compatible JSON media type (e.g. `application/geo+json`).