The **server** program (for example **Uvicorn** via **FastAPI CLI**) is capable of interpreting these headers, and then passing that information to your application.

But for security, as the server doesn't know it is behind a trusted proxy, it won't interpret those headers.

/// note | Technical Details

The proxy headers are:

В следующих главах я дам более **конкретные рецепты** по развёртыванию приложений FastAPI.

А пока давайте разберём важные **идеи**. Эти концепции применимы и к другим типам веб‑API. 💡

## Безопасность — HTTPS { #security-https }

В [предыдущей главе про HTTPS](https.md){.internal-link target=_blank} мы разобрались, как HTTPS обеспечивает шифрование для вашего API.

      throw new UnsupportedOperationException();
    }

    @Override
    public E aboveSamplesGreater() {
      throw new UnsupportedOperationException();
    }
  }

  /*
   * TODO(cpovirk): surely we can find a less ugly solution than a class that accepts 3 parameters,
   * exposes as many getters, does work in the constructor, and has both a superclass and a subclass
   */

    - [Server Binaries](#server-binaries-4)
    - [Node Binaries](#node-binaries-4)
    - [Container Images](#container-images-4)
  - [Changelog since v1.30.9](#changelog-since-v1309)
  - [Important Security Information](#important-security-information)
    - [CVE-2025-0426: Node Denial of Service via Kubelet Checkpoint API](#cve-2025-0426-node-denial-of-service-via-kubelet-checkpoint-api)
  - [Changes by Kind](#changes-by-kind-4)

    - [Server Binaries](#server-binaries-2)
    - [Node Binaries](#node-binaries-2)
    - [Container Images](#container-images-2)
  - [Changelog since v1.31.11](#changelog-since-v13111)
  - [Important Security Information](#important-security-information)
    - [CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference](#cve-2025-5187-nodes-can-delete-themselves-by-adding-an-ownerreference)
  - [Changes by Kind](#changes-by-kind-2)

import java.lang.reflect.ParameterizedType;
import java.lang.reflect.Proxy;
import java.lang.reflect.Type;
import java.lang.reflect.TypeVariable;
import java.lang.reflect.WildcardType;
import java.security.AccessControlException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Map.Entry;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicReference;

    -->
    <test.add.opens>
      --add-opens java.base/java.lang=ALL-UNNAMED
      --add-opens java.base/java.util=ALL-UNNAMED
      --add-opens java.base/sun.security.jca=ALL-UNNAMED
    </test.add.opens>
    <module.status>integration</module.status>
    <variant.jvmEnvironment>android</variant.jvmEnvironment>

    -->
    <test.add.opens>
      --add-opens java.base/java.lang=ALL-UNNAMED
      --add-opens java.base/java.util=ALL-UNNAMED
      --add-opens java.base/sun.security.jca=ALL-UNNAMED
    </test.add.opens>
    <module.status>integration</module.status>
    <variant.jvmEnvironment>standard-jvm</variant.jvmEnvironment>

    }

    private static void interruptThreadSafely(final QueryThread thread) {
        try {
            thread.interrupt();
        } catch (final SecurityException e) {
            log.error("Security exception interrupting thread", e);
        }
    }

    private static void joinThread(final Thread thread) {
        try {
            thread.join();
        } catch (final InterruptedException e) {

 * [iana_tls_parameters]: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
 * [sslengine]: https://developer.android.com/reference/javax/net/ssl/SSLEngine.html
 * [oracle_providers]: https://docs.oracle.com/javase/10/security/oracle-providers.htm
 * [conscrypt_providers]: https://github.com/google/conscrypt/blob/master/common/src/main/java/org/conscrypt/NativeCrypto.java
 */
class CipherSuite private constructor(
  /**