headless - Code Search

tests/test_security_http_basic_realm_description.py

    assert response.status_code == 401, response.text
    assert response.headers["WWW-Authenticate"] == 'Basic realm="simple"'


def test_security_http_basic_invalid_credentials():
    response = client.get(
        "/users/me", headers={"Authorization": "Basic notabase64token"}
    )
    assert response.status_code == 401, response.text
    assert response.headers["WWW-Authenticate"] == 'Basic realm="simple"'

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Mon Nov 24 19:03:06 GMT 2025

- 2.7K bytes

- Click Count (0)

github.com/tiangolo/fastapi

docs/en/docs/advanced/behind-a-proxy.md

But for security, as the server doesn't know it is behind a trusted proxy, it won't interpret those headers.

/// note | Technical Details

The proxy headers are:

* <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Forwarded-For" class="external-link" target="_blank">X-Forwarded-For</a>

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Wed Dec 17 20:41:43 GMT 2025

- 16.4K bytes

- Click Count (0)

github.com/minio/minio

internal/crypto/header_test.go

		if !isEqual(test.ExpectedHeader, test.Header) {
			t.Errorf("Test %d: filtered headers do not match expected headers - got: %v , want: %v", i, test.Header, test.ExpectedHeader)
		}
		RemoveSensitiveEntries(metadata)
		if !areKeysEqual(test.ExpectedHeader, metadata) {
			t.Errorf("Test %d: filtered headers do not match expected headers - got: %v , want: %v", i, test.Header, test.ExpectedHeader)
		}
	}

Created: Sun Dec 28 19:28:13 GMT 2025

- Last Modified: Wed Jul 13 14:52:15 GMT 2022

- 21.4K bytes

- Click Count (0)

github.com/minio/minio

cmd/bucket-object-lock.go

// enforceRetentionBypassForDelete enforces whether an existing object under governance can be deleted
// with governance bypass headers set in the request.
// Objects under site wide WORM can never be overwritten.
// For objects in "Governance" mode, overwrite is allowed if a) object retention date is past OR
// governance bypass headers are set and user has governance bypass permissions.

Created: Sun Dec 28 19:28:13 GMT 2025

- Last Modified: Fri Aug 08 02:38:25 GMT 2025

- 13.3K bytes

- Click Count (0)

github.com/tiangolo/fastapi

tests/test_security_oauth2_password_bearer_optional_description.py


def test_token():
    response = client.get("/items", headers={"Authorization": "Bearer testtoken"})
    assert response.status_code == 200, response.text
    assert response.json() == {"token": "testtoken"}


def test_incorrect_token():
    response = client.get("/items", headers={"Authorization": "Notexistent testtoken"})
    assert response.status_code == 200, response.text

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Fri Jun 30 18:25:16 GMT 2023

- 2.2K bytes

- Click Count (0)

github.com/square/okhttp

okhttp/src/commonJvmAndroid/kotlin/okhttp3/internal/http2/Hpack.kt

      private fun evictToRecoverBytes(bytesToRecover: Int): Int {
        var bytesToRecover = bytesToRecover
        var entriesToEvict = 0
        if (bytesToRecover > 0) {
          // determine how many headers need to be evicted.
          var j = dynamicTable.size - 1
          while (j >= nextHeaderIndex && bytesToRecover > 0) {
            val toEvict = dynamicTable[j]!!
            bytesToRecover -= toEvict.hpackSize

Created: Fri Dec 26 11:42:13 GMT 2025

- Last Modified: Mon May 05 16:01:00 GMT 2025

- 22.4K bytes

- Click Count (0)

github.com/tiangolo/fastapi

tests/test_security_openid_connect_optional.py

client = TestClient(app)


def test_security_oauth2():
    response = client.get("/users/me", headers={"Authorization": "Bearer footokenbar"})
    assert response.status_code == 200, response.text
    assert response.json() == {"username": "Bearer footokenbar"}


def test_security_oauth2_password_other_header():
    response = client.get("/users/me", headers={"Authorization": "Other footokenbar"})
    assert response.status_code == 200, response.text

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Fri Jun 30 18:25:16 GMT 2023

- 2.4K bytes

- Click Count (0)

github.com/minio/minio

cmd/signature-v4_test.go

				"response-content-type": "application/json",
			},
			headers: map[string]string{
				"X-Amz-Date":           now.Format(iso8601Format),
				"X-Amz-Content-Sha256": payloadSHA256,
			},
			region:   "",
			expected: ErrSignatureDoesNotMatch,
		},
		// (9) Should error with unsigned headers.
		{
			queryParams: map[string]string{
				"X-Amz-Algorithm":       signV4Algorithm,

Created: Sun Dec 28 19:28:13 GMT 2025

- Last Modified: Wed Apr 09 14:28:39 GMT 2025

- 10.5K bytes

- Click Count (0)

github.com/tiangolo/fastapi

docs/zh/docs/advanced/response-cookies.md

{* ../../docs_src/response_cookies/tutorial002.py hl[1,8:9] *}

而且你还可以根据你的需要响应不同的对象，比如常用的 `dict`，数据库model等。

如果你定义了 `response_model`，程序会自动根据`response_model`来过滤和转换你响应的对象。

**FastAPI** 会使用这个 *临时* 响应对象去装在这些cookies信息 (同样还有headers和状态码等信息), 最终会将这些信息和通过`response_model`转化过的数据合并到最终的响应里。

你也可以在depend中定义`Response`参数，并设置cookie和header。

## 直接响应 `Response`

你还可以在直接响应`Response`时直接创建cookies。

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Sat Oct 11 17:48:49 GMT 2025

- 2.1K bytes

- Click Count (0)

github.com/tiangolo/fastapi

docs_src/security/tutorial004_an_py310.py

async def get_current_user(token: Annotated[str, Depends(oauth2_scheme)]):
    credentials_exception = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Could not validate credentials",
        headers={"WWW-Authenticate": "Bearer"},
    )
    try:
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        username = payload.get("sub")
        if username is None:

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Mon Sep 29 02:57:38 GMT 2025

- 4.1K bytes

- Click Count (0)

Search Options