# Advanced Middleware

In the main tutorial you read how to add [Custom Middleware](../tutorial/middleware.md){.internal-link target=_blank} to your application.

And then you also read how to handle [CORS with the `CORSMiddleware`](../tutorial/cors.md){.internal-link target=_blank}.

In this section we'll see how to use other middlewares.

## Adding ASGI middlewares

# Advanced Security

## Additional Features

There are some extra features to handle security apart from the ones covered in the [Tutorial - User Guide: Security](../../tutorial/security/index.md){.internal-link target=_blank}.

!!! tip
    The next sections are **not necessarily "advanced"**.

    And it's possible that for your use case, the solution is in one of them.

## Read the Tutorial first

```

## Other middlewares

You can later read more about other middlewares in the [Advanced User Guide: Advanced Middleware](../advanced/middleware.md){.internal-link target=_blank}.

So, you should be able to pin to a version like:

```txt
fastapi>=0.45.0,<0.46.0
```

Breaking changes and new features are added in "MINOR" versions.

!!! tip
    The "MINOR" is the number in the middle, for example, in `0.2.3`, the MINOR version is `2`.

## Upgrading the FastAPI versions

You should add tests for your app.

* Restarts
* Replication (the number of processes running)
* Memory
* Previous steps before starting

# OpenAPI

There are several utilities to handle OpenAPI.

from docs_src.websockets.tutorial003 import app, html

client = TestClient(app)


def test_get():
    response = client.get("/")
    assert response.text == html


def test_websocket_handle_disconnection():
    with client.websocket_connect("/ws/1234") as connection, client.websocket_connect(
        "/ws/5678"
    ) as connection_two:
        connection.send_text("Hello from 1234")

If there's no `gzip` in the header, it will not try to decompress the body.

That way, the same route class can handle gzip compressed or uncompressed requests.

```Python hl_lines="8-15"
{!../../../docs_src/custom_request_and_route/tutorial001.py!}
```

### Create a custom `GzipRoute` class

    return client


@needs_py39
def test_get(client: TestClient, html: str):
    response = client.get("/")
    assert response.text == html


@needs_py39
def test_websocket_handle_disconnection(client: TestClient):
    with client.websocket_connect("/ws/1234") as connection, client.websocket_connect(
        "/ws/5678"
    ) as connection_two:
        connection.send_text("Hello from 1234")

The `password` "flow" is one of the ways ("flows") defined in OAuth2, to handle security and authentication.

OAuth2 was designed so that the backend or API could be independent of the server that authenticates the user.

But in this case, the same **FastAPI** application will handle the API and the authentication.

So, let's review it from that simplified point of view: