return {"scheme": credentials.scheme, "credentials": credentials.credentials}


client = TestClient(app)


def test_security_http_base():
    response = client.get("/users/me", headers={"Authorization": "Other foobar"})
    assert response.status_code == 200, response.text
    assert response.json() == {"scheme": "Other", "credentials": "foobar"}


def test_security_http_base_no_credentials():

而且你还可以根据你的需要响应不同的对象，比如常用的 `dict`，数据库model等。

如果你定义了 `response_model`，程序会自动根据`response_model`来过滤和转换你响应的对象。

**FastAPI** 会使用这个 *临时* 响应对象去装在这些cookies信息 (同样还有headers和状态码等信息), 最终会将这些信息和通过`response_model`转化过的数据合并到最终的响应里。

你也可以在depend中定义`Response`参数，并设置cookie和header。

## 直接响应 `Response`

你还可以在直接响应`Response`时直接创建cookies。

你可以参考[Return a Response Directly](response-directly.md){.internal-link target=_blank}来创建response

	public final fun -deprecated_headers ()Lokhttp3/Headers;
	public final fun -deprecated_method ()Ljava/lang/String;
	public final fun -deprecated_path ()Ljava/lang/String;
	public final fun -deprecated_response ()Lokhttp3/mockwebserver/MockResponse;
	public fun <init> (Ljava/lang/String;Ljava/lang/String;Lokhttp3/Headers;Lokhttp3/mockwebserver/MockResponse;)V
	public final fun headers ()Lokhttp3/Headers;
	public final fun method ()Ljava/lang/String;

              println("onResponseStarted ${info.headers.asMap} ${info.negotiatedProtocol}")
              request.read(ByteBuffer.allocateDirect(4096 * 8))
            }

            override fun onReadCompleted(
              request: UrlRequest,
              info: UrlResponseInfo,
              byteBuffer: ByteBuffer,
            ) {
              println("onReadCompleted ${info.headers.asMap}")
              byteBuffer.flip()

    assert response.json() == "foo"
    assert response.headers["content-type"] == "application/x-level-1"
    assert "x-level0" in response.headers
    assert "x-level1" in response.headers
    assert "x-level2" not in response.headers
    assert "x-level3" not in response.headers
    assert "x-level4" not in response.headers
    assert "x-level5" not in response.headers


def test_level1_default():

        return HTTPException(
            status_code=HTTP_401_UNAUTHORIZED,
            detail="Not authenticated",
            headers={"WWW-Authenticate": "Bearer"},
        )

    async def __call__(self, request: Request) -> Optional[str]:
        authorization = request.headers.get("Authorization")
        if not authorization:
            if self.auto_error:
                raise self.make_not_authenticated_error()

client = TestClient(app)


def test_cookie_is_set_once():
    direct_response = client.get("/directCookie")
    indirect_response = client.get("/indirectCookie")
    assert (
        direct_response.headers["set-cookie"] == indirect_response.headers["set-cookie"]

In this case the middleware will intercept the incoming request and respond with appropriate CORS headers, and either a `200` or `400` response for informational purposes.

### Simple requests { #simple-requests }

Any request with an `Origin` header. In this case the middleware will pass the request through as normal, but will include appropriate CORS headers on the response.

}

// Apply applies the SSE bucket configuration on the given HTTP headers and
// sets the specified SSE headers.
//
// Apply does not overwrite any existing SSE headers. Further, it will
// set minimal SSE-KMS headers if autoEncrypt is true and the BucketSSEConfig
// is nil.
func (b *BucketSSEConfig) Apply(headers http.Header, opts ApplyOptions) {
	if crypto.Requested(headers) {
		return
	}
	if b == nil {
		if opts.AutoEncrypt {

def test_read_nonexistent_item():
    response = client.get("/items/baz", headers={"X-Token": "coneofsilence"})
    assert response.status_code == 404
    assert response.json() == {"detail": "Item not found"}


def test_create_item():
    response = client.post(
        "/items/",
        headers={"X-Token": "coneofsilence"},