"components": {
            "securitySchemes": {
                "APIKeyCookie": {
                    "type": "apiKey",
                    "name": "key",
                    "in": "cookie",
                    "description": "An API Cookie Key",
                }
            }
        },

    return user


@app.get("/users/me")
def read_current_user(current_user: User = Depends(get_current_user)):
    return current_user


def test_security_api_key():
    client = TestClient(app, cookies={"key": "secret"})
    response = client.get("/users/me")
    assert response.status_code == 200, response.text
    assert response.json() == {"username": "secret"}


def test_security_api_key_no_key():

## 通配符

也可以使用 `"*"`（一个「通配符」）声明这个列表，表示全部都是允许的。

但这仅允许某些类型的通信，不包括所有涉及凭据的内容：像 Cookies 以及那些使用 Bearer 令牌的授权 headers 等。

因此，为了一切都能正常工作，最好显式地指定允许的源。

## 使用 `CORSMiddleware`

你可以在 **FastAPI** 应用中使用 `CORSMiddleware` 来配置它。

* 导入 `CORSMiddleware`。
* 创建一个允许的源列表（由字符串组成）。
* 将其作为「中间件」添加到你的 **FastAPI** 应用中。

你也可以指定后端是否允许：

* 凭证（授权 headers，Cookies 等）。
* 特定的 HTTP 方法（`POST`，`PUT`）或者使用通配符 `"*"` 允许所有方法。

      Headers.Builder()
        .add("Set-Cookie: a=b")
        .add("Set-Cookie: c=d")
        .build()
    val cookies = parseAll(url, headers)
    assertThat(cookies.size).isEqualTo(2)
    assertThat(cookies[0].toString()).isEqualTo("a=b; path=/")
    assertThat(cookies[1].toString()).isEqualTo("c=d; path=/")
  }

  @Test fun builder() {
    val cookie =
      Cookie.Builder()
        .name("a")

def test_websocket_with_cookie(app: FastAPI):
    client = TestClient(app, cookies={"session": "fakesession"})
    with pytest.raises(WebSocketDisconnect):
        with client.websocket_connect("/items/foo/ws") as websocket:
            message = "Message one"
            websocket.send_text(message)
            data = websocket.receive_text()
            assert data == "Session cookie or query token value is: fakesession"

* Se você precisar enviar *Dados de Formulário* em vez de JSON, use o parâmetro `data`.
* Para passar *headers*, use um `dict` no parâmetro `headers`.
* Para *cookies*, um `dict` no parâmetro `cookies`.

Para mais informações sobre como passar dados para o backend (usando `httpx` ou `TestClient`), consulte a <a href="https://www.python-httpx.org" class="external-link" target="_blank">documentação do HTTPX</a>.

        }
    ]
}
```

## Summary

You can use **Pydantic models** to declare **query parameters** in **FastAPI**. 😎

/// tip

Spoiler alert: you can also use Pydantic models to declare cookies and headers, but you will read about that later in the tutorial. 🤫

def test_websocket_with_cookie():
    client = TestClient(app, cookies={"session": "fakesession"})
    with pytest.raises(WebSocketDisconnect):
        with client.websocket_connect("/items/foo/ws") as websocket:
            message = "Message one"
            websocket.send_text(message)
            data = websocket.receive_text()
            assert data == "Session cookie or query token value is: fakesession"

Mas você pode retornar a `JSONResponse` diretamente nas suas *operações de rota*.

Pode ser útil para retornar cabeçalhos e cookies personalizados, por exemplo.

## Retornando uma `Response`

Na verdade, você pode retornar qualquer `Response` ou subclasse dela.

/// tip | Dica

A própria `JSONResponse` é uma subclasse de `Response`.

* کلید های API:
    * <abbr title="سرصفحه ها">Headers</abbr>
    * <abbr title="پارامترهای پرسمان">Query parameters</abbr>
    * <abbr title="کوکی ها">Cookies</abbr>، و غیره.

به علاوه تمام ویژگی های امنیتی از **Statlette** (شامل **<abbr title="کوکی های جلسه">session cookies</abbr>**)

همه اینها به عنوان ابزارها و اجزای قابل استفاده ای ساخته شده اند که به راحتی با سیستم های شما، مخازن داده، پایگاه های داده رابطه ای و NoSQL و غیره ادغام میشوند.