from typing import Annotated

    from fastapi import (
        Cookie,
        FastAPI,
        WebSocket,
        WebSocketException,
        status,
    )

    app = FastAPI()

    @app.websocket("/items/{item_id}/ws")
    async def websocket_endpoint(
        *,
        websocket: WebSocket,
        session: Annotated[str | None, Cookie()] = None,
        item_id: str,
    ):

* <abbr title="также известное как: сериализация, парсинг, маршалинг">Преобразование</abbr> входных данных: из сети в данные и типы Python. Чтение из:
    * JSON.
    * Параметров пути.
    * Параметров запроса.
    * Cookies.
    * HTTP-заголовков.
    * Форм.
    * Файлов.
* <abbr title="также известное как: сериализация, парсинг, маршалинг">Преобразование</abbr> выходных данных: из данных и типов Python в данные сети (например, JSON):

## Wildcards { #wildcards }

It's also possible to declare the list as `"*"` (a "wildcard") to say that all are allowed.

But that will only allow certain types of communication, excluding everything that involves credentials: Cookies, Authorization headers like those used with Bearer Tokens, etc.

So, for everything to work correctly, it's better to specify explicitly the allowed origins.

## Use `CORSMiddleware` { #use-corsmiddleware }

    }

    /**
     * Fess-specific implementation of BootPropsTranslator.
     * Handles SSL configuration and cookie settings for the Tomcat server.
     */
    static class FessBootPropsTranslator extends BootPropsTranslator {
        /**
         * Sets up server configuration if needed, including SSL and cookie settings.
         *
         * @param logger the boot logger for logging configuration messages

    options:
        members:
            - scope
            - app
            - url
            - base_url
            - headers
            - query_params
            - path_params
            - cookies
            - client
            - state
            - url_for
            - client_state
            - application_state
            - receive
            - send
            - accept

# `Response` class

You can declare a parameter in a *path operation function* or dependency to be of type `Response` and then you can set data for the response like headers or cookies.

You can also use it directly to create an instance of it and return it from your *path operations*.

You can import it directly from `fastapi`:

```python
from fastapi import Response
```

## Curingas { #wildcards }

É possível declarar a lista como `"*"` (um "curinga") para dizer que tudo está permitido.

Mas isso só permitirá certos tipos de comunicação, excluindo tudo que envolva credenciais: cookies, cabeçalhos de autorização como aqueles usados ​​com Bearer Tokens, etc.

Então, para que tudo funcione corretamente, é melhor especificar explicitamente as origens permitidas.

## Usar `CORSMiddleware` { #use-corsmiddleware }

  /**
   * Configure the ApplicationContext. Not needed unless the AndroidX Startup [Initializer] is disabled, or running
   * a robolectric test.
   *
   * The functionality that will fail without a valid Context is primarily Cookies and URL Domain handling, but
   * may expand in the future.
   */
  fun initialize(applicationContext: Context) {
    if (PlatformRegistry.applicationContext == null) {

## 通配符

也可以使用 `"*"`（一个「通配符」）声明这个列表，表示全部都是允许的。

但这仅允许某些类型的通信，不包括所有涉及凭据的内容：像 Cookies 以及那些使用 Bearer 令牌的授权 headers 等。

因此，为了一切都能正常工作，最好显式地指定允许的源。

## 使用 `CORSMiddleware`

你可以在 **FastAPI** 应用中使用 `CORSMiddleware` 来配置它。

* 导入 `CORSMiddleware`。
* 创建一个允许的源列表（由字符串组成）。
* 将其作为「中间件」添加到你的 **FastAPI** 应用中。

你也可以指定后端是否允许：

* 凭证（授权 headers，Cookies 等）。
* 特定的 HTTP 方法（`POST`，`PUT`）或者使用通配符 `"*"` 允许所有方法。

    /** The key of the configuration. e.g. true */
    String COOKIE_SEARCH_PARAMETER_http_only = "cookie.search.parameter.http_only";

    /** The key of the configuration. e.g.  */
    String COOKIE_SEARCH_PARAMETER_SECURE = "cookie.search.parameter.secure";

    /** The key of the configuration. e.g. 60 */
    String COOKIE_SEARCH_PARAMETER_max_age = "cookie.search.parameter.max_age";