OpenAPI 中定義的安全模式，包括：

* HTTP 基本認證。
* **OAuth2**（也使用 **JWT tokens**）。在 [OAuth2 with JWT](tutorial/security/oauth2-jwt.md) 查看教學。
* API 密鑰，在：
    * 標頭（Header）
    * 查詢參數
    * Cookies，等等。

加上來自 Starlette（包括 **session cookie**）的所有安全特性。

所有的這些都是可重複使用的工具和套件，可以輕鬆與你的系統、資料儲存（Data Stores）、關聯式資料庫（RDBMS）以及非關聯式資料庫（NoSQL）等等整合。

### 依賴注入（Dependency Injection） { #dependency-injection }

* **OAuth2** (also with **JWT tokens**). Check the tutorial on [OAuth2 with JWT](tutorial/security/oauth2-jwt.md).
* API keys in:
    * Headers.
    * Query parameters.
    * Cookies, etc.

Plus all the security features from Starlette (including **session cookies**).

All built as reusable tools and components that are easy to integrate with your systems, data stores, relational and NoSQL databases, etc.

* Chaves de API em:
    * Headers.
    * parâmetros da Query.
    * Cookies etc.

Além disso, todos os recursos de segurança do Starlette (incluindo **cookies de sessão**).

def test_cookie_repr_str():
    assert repr(Cookie("teststr")) == "Cookie(teststr)"


def test_cookie_repr_none():
    assert repr(Cookie(None)) == "Cookie(None)"


def test_cookie_repr_ellipsis():
    assert repr(Cookie(...)) == "Cookie(PydanticUndefined)"


def test_cookie_repr_number():
    assert repr(Cookie(1)) == "Cookie(1)"


def test_cookie_repr_list():

## Version 4.9.2

_2021-09-30_

 *  Fix: Don't include potentially-sensitive header values in `Headers.toString()` or exceptions.
    This applies to `Authorization`, `Cookie`, `Proxy-Authorization`, and `Set-Cookie` headers.
 *  Fix: Don't crash with an `InaccessibleObjectException` when running on JDK17+ with strong
    encapsulation enabled.

internal fun parseCookie(
  currentTimeMillis: Long,
  url: HttpUrl,
  setCookie: String,
): Cookie? = Cookie.parse(currentTimeMillis, url, setCookie)

internal fun cookieToString(
  cookie: Cookie,
  forObsoleteRfc2965: Boolean,
): String = cookie.toString(forObsoleteRfc2965)

internal fun addHeaderLenient(
  builder: Headers.Builder,
  line: String,

**FastAPI** usará ese response *temporal* para extraer los headers (también cookies y el código de estado), y los pondrá en el response final que contiene el valor que devolviste, filtrado por cualquier `response_model`.

También puedes declarar el parámetro `Response` en dependencias y establecer headers (y cookies) en ellas.

## Retorna una `Response` directamente { #return-a-response-directly }

**FastAPI** utilisera cette réponse temporaire pour extraire les en-têtes (ainsi que les cookies et le code de statut), et les placera dans la réponse finale qui contient la valeur que vous avez renvoyée, filtrée par tout `response_model`.

Vous pouvez également déclarer le paramètre `Response` dans des dépendances, et y définir des en-têtes (et des cookies).

## Renvoyer une `Response` directement { #return-a-response-directly }

`Query`, `Path` ve `Cookie` parametrelerini nasıl tanımlıyorsanız, Header parametrelerini de aynı şekilde tanımlayabilirsiniz.

## `Header`'ı Import Edin { #import-header }

Önce `Header`'ı import edin:

{* ../../docs_src/header_params/tutorial001_an_py310.py hl[3] *}

## `Header` Parametrelerini Tanımlayın { #declare-header-parameters }

from fastapi import Depends, FastAPI, Response
from fastapi.testclient import TestClient

app = FastAPI()


def set_cookie(*, response: Response):
    response.set_cookie("cookie-name", "cookie-value")
    return {}


def set_indirect_cookie(*, dep: str = Depends(set_cookie)):
    return dep


@app.get("/directCookie")
def get_direct_cookie(dep: str = Depends(set_cookie)):
    return {"dep": dep}