!!! tip
    The next sections are **not necessarily "advanced"**.

    And it's possible that for your use case, the solution is in one of them.

## Read the Tutorial first

The next sections assume you already read the main [Tutorial - User Guide: Security](../../tutorial/security/index.md){.internal-link target=_blank}.

    session: Annotated[str | None, Cookie()] = None,
    token: Annotated[str | None, Query()] = None,
):
    if session is None and token is None:
        raise WebSocketException(code=status.WS_1008_POLICY_VIOLATION)
    return session or token


@app.websocket("/items/{item_id}/ws")
async def websocket_endpoint(
    *,
    websocket: WebSocket,
    item_id: str,
    q: int | None = None,

        with client.websocket_connect("/depends-validate/"):
            pass  # pragma: no cover
    # the validation error does produce a close message
    assert e.value.code == status.WS_1008_POLICY_VIOLATION
    # and no error is leaked
    assert caught == []


def test_depend_err_middleware():
    """
    Verify that it is possible to write custom WebSocket middleware to catch errors
    """

## Public Discussions

Please restrain from publicly discussing a potential security vulnerability. 🙊

It's better to discuss privately and try to find a solution first, to limit the potential impact as much as possible.

---

Thanks for your help!

In the next sections you will see other options, configurations, and additional features.

!!! tip
    The next sections are **not necessarily "advanced"**.

    And it's possible that for your use case, the solution is in one of them.

## Read the Tutorial first

You could still use most of the features in **FastAPI** with the knowledge from the main [Tutorial - User Guide](../tutorial/index.md){.internal-link target=_blank}.

        By asking questions in a structured way (following this) it will be much easier to help you.

        And there's a high chance that you will find the solution along the way and you won't even have to submit it and wait for an answer. 😎

from starlette.exceptions import HTTPException
from starlette.requests import Request
from starlette.responses import JSONResponse, Response
from starlette.status import HTTP_422_UNPROCESSABLE_ENTITY, WS_1008_POLICY_VIOLATION


async def http_exception_handler(request: Request, exc: HTTPException) -> Response:
    headers = getattr(exc, "headers", None)
    if not is_body_allowed_for_status_code(exc.status_code):

    websocket: WebSocket,
    session: str | None = Cookie(default=None),
    token: str | None = Query(default=None),
):
    if session is None and token is None:
        raise WebSocketException(code=status.WS_1008_POLICY_VIOLATION)
    return session or token


@app.websocket("/items/{item_id}/ws")
async def websocket_endpoint(
    websocket: WebSocket,
    item_id: str,
    q: int | None = None,

!!! note "Remarque"
    Les sections de ce chapitre ne sont **pas nécessairement "avancées"**.

    Et il est possible que pour votre cas d'utilisation, la solution se trouve dans l'un d'entre eux.

## Lisez d'abord le didacticiel

    session: Union[str, None] = Cookie(default=None),
    token: Union[str, None] = Query(default=None),
):
    if session is None and token is None:
        raise WebSocketException(code=status.WS_1008_POLICY_VIOLATION)
    return session or token


@app.websocket("/items/{item_id}/ws")
async def websocket_endpoint(
    websocket: WebSocket,
    item_id: str,
    q: Union[int, None] = None,