## Additional Features { #additional-features }

There are some extra features to handle security apart from the ones covered in the [Tutorial - User Guide: Security](../../tutorial/security/index.md){.internal-link target=_blank}.

/// tip

The next sections are **not necessarily "advanced"**.

And it's possible that for your use case, the solution is in one of them.

///

## Read the Tutorial first { #read-the-tutorial-first }

Given these constraints, we cannot always follow best practices.  This ADR proposes the way we should handle the use of Provider APIs in the gradle/gradle codebase.

## Decision

### Types of properties that should not use lazy types

The guidelines below do not apply to all properties. There are cases where the lazy types should not be used:

#### Non-calculated values

# Middleware

There are several middlewares available provided by Starlette directly.

Read more about them in the [FastAPI docs for Middleware](https://fastapi.tiangolo.com/advanced/middleware/).

::: fastapi.middleware.cors.CORSMiddleware

It can be imported from `fastapi`:

```python
from fastapi.middleware.cors import CORSMiddleware
```

::: fastapi.middleware.gzip.GZipMiddleware

It can be imported from `fastapi`:

# Currently, there is no way to pass multiple cookies with the same name.
# The only way to pass multiple values for cookie params is to serialize them using

   *
   * <p>Whenever possible, it is preferable to test directly for some observable change resulting
   * from GC, as with {@link #awaitClear}. Because there are no guarantees for the order of GC
   * finalization processing, there may still be some unfinished work for the GC to do after this
   * method returns.
   *
   * <p>This method does not create any memory pressure as would be required to cause soft

    //     then a[2] etc, and so on until we have rotated all elements. There are gcd(d, n) cycles
    //     in all.
    // (3) "Successive". We can consider that we are exchanging a block of size d (a[0..d-1]) with a
    //     block of size n-d (a[d..n-1]), where in general these blocks have different sizes. If we

We are not using `scopes` in this example, but the functionality is there if you need it.

///

Now, get the user data from the (fake) database, using the `username` from the form field.

If there is no such user, we return an error saying "Incorrect username or password".

For the error, we use the exception `HTTPException`:

    //     we find them, regardless of what the address policies need.
    //
    //  2. EVICTABLE: Connections not required by any address policy. This matches connections that
    //     don't participate in any policy, plus connections whose policies won't be violated if the
    //     connection is closed. We only close these if the idle connection limit is exceeded.
    //

   *
   * Prior to OkHttp 3.3.1 we accepted either form and consider them equivalent. And since OkHttp
   * 3.7.0 this is also true. But OkHttp 3.3.1 through 3.6.0 treated these as different.
   */
  @Test
  fun forJavaName_fromLegacyEnumName() {
    // These would have been considered equal in OkHttp 3.3.1, but now aren't.
    assertThat(forJavaName("SSL_RSA_EXPORT_WITH_RC4_40_MD5"))

 * <p>{@code CharSource} provides two kinds of methods:
 *
 * <ul>
 *   <li><b>Methods that return a reader:</b> These methods should return a <i>new</i>, independent
 *       instance each time they are called. The caller is responsible for ensuring that the
 *       returned reader is closed.
 *   <li><b>Convenience methods:</b> These are implementations of common operations that are