ws://foo:80/  s:ws h:foo p:/
ws://foo:81/  s:ws h:foo port:81 p:/
ws://foo:443/  s:ws h:foo port:443 p:/
ws://foo:815/  s:ws h:foo port:815 p:/
wss://foo:80/  s:wss h:foo port:80 p:/
wss://foo:81/  s:wss h:foo port:81 p:/
wss://foo:443/  s:wss h:foo p:/
wss://foo:815/  s:wss h:foo port:815 p:/
http:/example.com/  s:http h:example.com p:/
ftp:/example.com/  s:ftp h:example.com p:/
https:/example.com/  s:https h:example.com p:/

internal fun canonicalUrl(url: String): String {
  // Silently replace web socket URLs with HTTP URLs.
  return when {
    url.startsWith("ws:", ignoreCase = true) -> {
      "http:${url.substring(3)}"
    }
    url.startsWith("wss:", ignoreCase = true) -> {
      "https:${url.substring(4)}"
    }
    else -> url
  }
}

fun Request.Builder.commonHeader(
  name: String,
  value: String,
) = apply {
  headers[name] = value
}

## `HTTPSRedirectMiddleware`

Erzwingt, dass alle eingehenden Requests entweder `https` oder `wss` sein müssen.

Alle eingehenden Requests an `http` oder `ws` werden stattdessen an das sichere Schema umgeleitet.

```Python hl_lines="2  6"
{!../../../docs_src/advanced_middleware/tutorial001.py!}
```

    **FastAPI** 在 `fastapi.middleware` 中提供的中间件只是为了方便开发者使用，但绝大多数可用的中间件都直接继承自 Starlette。

## `HTTPSRedirectMiddleware`

强制所有传入请求必须是 `https` 或 `wss`。

任何传向 `http` 或 `ws` 的请求都会被重定向至安全方案。

```Python hl_lines="2  6"
{!../../../docs_src/advanced_middleware/tutorial001.py!}
```

## `TrustedHostMiddleware`

强制所有传入请求都必须正确设置 `Host` 请求头，以防 HTTP 主机头攻击。

  static final class SlackJsonAdapters {
    @ToJson String urlToJson(HttpUrl httpUrl) {
      return httpUrl.toString();
    }

    @FromJson HttpUrl urlFromJson(String urlString) {
      if (urlString.startsWith("wss:")) urlString = "https:" + urlString.substring(4);
      if (urlString.startsWith("ws:")) urlString = "http:" + urlString.substring(3);
      return HttpUrl.get(urlString);
    }
  }

    **FastAPI** 🚚 📚 🛠️ `fastapi.middleware` 🏪 👆, 👩‍💻. ✋️ 🌅 💪 🛠️ 👟 🔗 ⚪️➡️ 💃.

## `HTTPSRedirectMiddleware`

🛠️ 👈 🌐 📨 📨 🔜 👯‍♂️ `https` ⚖️ `wss`.

🙆 📨 📨 `http` ⚖️ `ws` 🔜 ❎ 🔐 ⚖ ↩️.

```Python hl_lines="2  6"
{!../../../docs_src/advanced_middleware/tutorial001.py!}
```

## `TrustedHostMiddleware`

## `HTTPSRedirectMiddleware`

Enforces that all incoming requests must either be `https` or `wss`.

Any incoming requests to `http` or `ws` will be redirected to the secure scheme instead.

```Python hl_lines="2  6"
{!../../../docs_src/advanced_middleware/tutorial001.py!}
```

## `TrustedHostMiddleware`

// Validate MQTTArgs fields
func (m MQTTArgs) Validate() error {
	if !m.Enable {
		return nil
	}
	u, err := xnet.ParseURL(m.Broker.String())
	if err != nil {
		return err
	}
	switch u.Scheme {
	case "ws", "wss", "tcp", "ssl", "tls", "tcps":
	default:
		return errors.New("unknown protocol in broker address")
	}
	if m.QueueDir != "" {
		if !filepath.IsAbs(m.QueueDir) {
			return errors.New("queueDir path should be absolute")

	}
	if debugPrint {
		// Random Mux ID
		c.NextID = rand.Uint64()
	}
	if !strings.HasPrefix(o.remote, "https://") && !strings.HasPrefix(o.remote, "wss://") {
		c.baseFlags |= FlagCRCxxh3
	}
	if !strings.HasPrefix(o.local, "https://") && !strings.HasPrefix(o.local, "wss://") {
		c.baseFlags |= FlagCRCxxh3
	}
	if o.publisher != nil {
		c.traceRequests(o.publisher)
	}
	if o.local == o.remote {

          handshakeCertificates.sslSocketFactory(),
          handshakeCertificates.trustManager,
        )
        .hostnameVerifier(RecordingHostnameVerifier())
        .build()
    websocketScheme("wss")
  }

  @Test
  fun httpsScheme() {
    webServer.useHttps(handshakeCertificates.sslSocketFactory())
    client =
      client.newBuilder()
        .sslSocketFactory(