# Sıkı Content-Type Kontrolü { #strict-content-type-checking }

Varsayılan olarak FastAPI, JSON request body'leri için sıkı Content-Type header kontrolü uygular. Bu, JSON request'lerin body'lerinin JSON olarak parse edilebilmesi için geçerli bir Content-Type header'ı (örn. application/json) içermesi gerektiği anlamına gelir.

## CSRF Riski { #csrf-risk }

## `TrustedHostMiddleware` { #trustedhostmiddleware }

Примушує, щоб усі вхідні запити мали коректно встановлений заголовок `Host`, щоб захиститися від атак HTTP Host Header.

{* ../../docs_src/advanced_middleware/tutorial002_py310.py hl[2,6:8] *}

Підтримуються такі аргументи:

如果你有一組彼此相關的「**Cookie**」，你可以建立一個「**Pydantic 模型**」來宣告它們。🍪

這樣你就能在**多處**重複使用該模型，並且能一次性為所有參數宣告**驗證**與**中繼資料**。😎

/// note | 注意

自 FastAPI 版本 `0.115.0` 起支援。🤓

///

/// tip

同樣的技巧也適用於 `Query`、`Cookie` 與 `Header`。😎

///

## 以 Pydantic 模型宣告 Cookie { #cookies-with-a-pydantic-model }

在 **Pydantic 模型**中宣告所需的 **Cookie** 參數，接著將參數宣告為 `Cookie`：

{* ../../docs_src/cookie_param_models/tutorial001_an_py310.py hl[9:12,16] *}

client = TestClient(app)


def test_security_oauth2():
    response = client.get("/users/me", headers={"Authorization": "Bearer footokenbar"})
    assert response.status_code == 200, response.text
    assert response.json() == {"username": "Bearer footokenbar"}


def test_security_oauth2_password_other_header():
    response = client.get("/users/me", headers={"Authorization": "Other footokenbar"})
    assert response.status_code == 200, response.text

# Password ile OAuth2 (ve hashing), JWT token'ları ile Bearer { #oauth2-with-password-and-hashing-bearer-with-jwt-tokens }

Artık tüm security flow elimizde olduğuna göre, uygulamayı gerçekten güvenli hâle getirelim: <abbr title="JSON Web Token'lar">JWT</abbr> token'ları ve güvenli password hashing kullanacağız.

Bu kodu uygulamanızda gerçekten kullanabilirsiniz; password hash'lerini veritabanınıza kaydedebilirsiniz, vb.

## Використання `Depends` та іншого { #using-depends-and-others }

У кінцевих точках WebSocket ви можете імпортувати з `fastapi` і використовувати:

* `Depends`
* `Security`
* `Cookie`
* `Header`
* `Path`
* `Query`

Вони працюють так само, як для інших ендпойнтів FastAPI/*операцій шляху*:

{* ../../docs_src/websockets_/tutorial002_an_py310.py hl[68:69,82] *}

/// info

    id: Annotated[
        str | None,
        AfterValidator(_check_id_no_null),
        Doc(
            """
            Optional event ID.

            The browser sends this value back as the `Last-Event-ID` header on
            automatic reconnection. **Must not contain null (`\\0`) characters.**
            """
        ),
    ] = None
    retry: Annotated[
        int | None,
        Field(ge=0),
        Doc(

	file, err := os.Open(mountFilePath)
	if err != nil {
		return nil, err
	}
	defer file.Close()
	return parseMountFrom(file)
}

func parseMountFrom(file io.Reader) (mountInfos, error) {
	mounts := mountInfos{}
	scanner := bufio.NewReader(file)
	for {
		line, err := scanner.ReadString('\n')
		if err == io.EOF {
			break
		}

		fields := strings.Fields(line)

# ========================================================================================
# Framework Default
# =================
# ----------------------------------------------------------
# Lasta Taglib
# ------------
errors.header = <ul class="has-error">
errors.footer = </ul>
errors.prefix = <li><i class="fa fa-exclamation-circle"></i>
errors.suffix = </li>
# ----------------------------------------------------------
# Javax Validator

MINIO_IDENTITY_PLUGIN_ROLE_ID       (string)    unique ID to generate the ARN
MINIO_IDENTITY_PLUGIN_COMMENT       (sentence)  optionally add a comment to this setting
```

If provided, the auth token parameter is sent as an authorization header.

`MINIO_IDENTITY_PLUGIN_ROLE_POLICY` is a required parameter and can be list of comma separated policy names.