# `Response` class

You can declare a parameter in a *path operation function* or dependency to be of type `Response` and then you can set data for the response like headers or cookies.

You can also use it directly to create an instance of it and return it from your *path operations*.

You can import it directly from `fastapi`:

```python
from fastapi import Response
```

# `Response`-Klasse

Sie können einen Parameter in einer *Pfadoperation-Funktion* oder einer Abhängigkeit als `Response` deklarieren und dann Daten für die Response wie Header oder Cookies festlegen.

Diese können Sie auch direkt verwenden, um eine Instanz davon zu erstellen und diese von Ihren *Pfadoperationen* zurückzugeben.

Sie können sie direkt von `fastapi` importieren:

```python
from fastapi import Response
```

the potential to leak sensitive information such as "Authorization" or "Cookie" headers and the
contents of request and response bodies. This data should only be logged in a controlled way or in
a non-production environment.

You can redact headers that may contain sensitive information by calling `redactHeader()`.
```java
logging.redactHeader("Authorization");
logging.redactHeader("Cookie");
```

Download
--------

```kotlin

    authorizationResponse:
      allowedClientHeaders:
        patterns:
        - exact: Set-cookie
          ignoreCase: true
        - ignoreCase: true
          prefix: x-prefix-
        - ignoreCase: true
          suffix: -suffix
      allowedClientHeadersOnSuccess:
        patterns:
        - exact: Set-cookie
          ignoreCase: true
        - ignoreCase: true
          prefix: x-prefix-

# ヘッダーのパラメータ

ヘッダーのパラメータは、`Query`や`Path`、`Cookie`のパラメータを定義するのと同じように定義できます。

## `Header`をインポート

まず、`Header`をインポートします:

```Python hl_lines="3"
{!../../../docs_src/header_params/tutorial001.py!}
```

## `Header`のパラメータの宣言

次に、`Path`や`Query`、`Cookie`と同じ構造を用いてヘッダーのパラメータを宣言します。

最初の値がデフォルト値で、追加の検証パラメータや注釈パラメータをすべて渡すことができます。

```Python hl_lines="9"
{!../../../docs_src/header_params/tutorial001.py!}
```

!!! note "技術詳細"

## Wildcards

It's also possible to declare the list as `"*"` (a "wildcard") to say that all are allowed.

But that will only allow certain types of communication, excluding everything that involves credentials: Cookies, Authorization headers like those used with Bearer Tokens, etc.

So, for everything to work correctly, it's better to specify explicitly the allowed origins.

## Use `CORSMiddleware`

    from typing import Annotated

    from fastapi import (
        Cookie,
        FastAPI,
        WebSocket,
        WebSocketException,
        status,
    )

    app = FastAPI()

    @app.websocket("/items/{item_id}/ws")
    async def websocket_endpoint(
        *,
        websocket: WebSocket,
        session: Annotated[str | None, Cookie()] = None,
        item_id: str,
    ):
        if session is None:

pkg net, type ListenConfig struct, KeepAliveConfig KeepAliveConfig #62254
pkg net/http, func ParseCookie(string) ([]*Cookie, error) #66008
pkg net/http, func ParseSetCookie(string) (*Cookie, error) #66008
pkg net/http, method (*Request) CookiesNamed(string) []*Cookie #61472
pkg net/http, type Cookie struct, Partitioned bool #62490
pkg net/http, type Cookie struct, Quoted bool #46443
pkg net/http, type Request struct, Pattern string #66405

## 通配符

也可以使用 `"*"`（一个「通配符」）声明这个列表，表示全部都是允许的。

但这仅允许某些类型的通信，不包括所有涉及凭据的内容：像 Cookies 以及那些使用 Bearer 令牌的授权 headers 等。

因此，为了一切都能正常工作，最好显式地指定允许的源。

## 使用 `CORSMiddleware`

你可以在 **FastAPI** 应用中使用 `CORSMiddleware` 来配置它。

* 导入 `CORSMiddleware`。
* 创建一个允许的源列表（由字符串组成）。
* 将其作为「中间件」添加到你的 **FastAPI** 应用中。

你也可以指定后端是否允许：

* 凭证（授权 headers，Cookies 等）。
* 特定的 HTTP 方法（`POST`，`PUT`）或者使用通配符 `"*"` 允许所有方法。

[input]
wordlist = jwt-common.txt
commonHeaders = common-headers.txt
commonPayloads = common-payloads.txt

[argvals]
# Set at runtime - changes here are ignored
sigType =
targetUrl =
cookies =
key =
keyList =
keyFile =
headerLoc =
payloadclaim =
headerclaim =
payloadvalue =
headervalue =
canaryvalue =
header =
exploitType =
scanMode =
reqMode =
postData =
resCode =