Advanced Middleware¶
In the main tutorial you read how to addCustom Middleware to your application.
And then you also read how to handleCORS with theCORSMiddleware.
In this section we'll see how to use other middlewares.
Adding ASGI middlewares¶
AsFastAPI is based on Starlette and implements theASGI specification, you can use any ASGI middleware.
A middleware doesn't have to be made for FastAPI or Starlette to work, as long as it follows the ASGI spec.
In general, ASGI middlewares are classes that expect to receive an ASGI app as the first argument.
So, in the documentation for third-party ASGI middlewares they will probably tell you to do something like:
fromunicornimportUnicornMiddlewareapp=SomeASGIApp()new_app=UnicornMiddleware(app,some_config="rainbow")But FastAPI (actually Starlette) provides a simpler way to do it that makes sure that the internal middlewares handle server errors and custom exception handlers work properly.
For that, you useapp.add_middleware() (as in the example for CORS).
fromfastapiimportFastAPIfromunicornimportUnicornMiddlewareapp=FastAPI()app.add_middleware(UnicornMiddleware,some_config="rainbow")app.add_middleware() receives a middleware class as the first argument and any additional arguments to be passed to the middleware.
Integrated middlewares¶
FastAPI includes several middlewares for common use cases, we'll see next how to use them.
Technical Details
For the next examples, you could also usefrom starlette.middleware.something import SomethingMiddleware.
FastAPI provides several middlewares infastapi.middleware just as a convenience for you, the developer. But most of the available middlewares come directly from Starlette.
HTTPSRedirectMiddleware¶
Enforces that all incoming requests must either behttps orwss.
Any incoming request tohttp orws will be redirected to the secure scheme instead.
fromfastapiimportFastAPIfromfastapi.middleware.httpsredirectimportHTTPSRedirectMiddlewareapp=FastAPI()app.add_middleware(HTTPSRedirectMiddleware)@app.get("/")asyncdefmain():return{"message":"Hello World"}TrustedHostMiddleware¶
Enforces that all incoming requests have a correctly setHost header, in order to guard against HTTP Host Header attacks.
fromfastapiimportFastAPIfromfastapi.middleware.trustedhostimportTrustedHostMiddlewareapp=FastAPI()app.add_middleware(TrustedHostMiddleware,allowed_hosts=["example.com","*.example.com"])@app.get("/")asyncdefmain():return{"message":"Hello World"}The following arguments are supported:
allowed_hosts- A list of domain names that should be allowed as hostnames. Wildcard domains such as*.example.comare supported for matching subdomains. To allow any hostname either useallowed_hosts=["*"]or omit the middleware.www_redirect- If set to True, requests to non-www versions of the allowed hosts will be redirected to their www counterparts. Defaults toTrue.
If an incoming request does not validate correctly then a400 response will be sent.
GZipMiddleware¶
Handles GZip responses for any request that includes"gzip" in theAccept-Encoding header.
The middleware will handle both standard and streaming responses.
fromfastapiimportFastAPIfromfastapi.middleware.gzipimportGZipMiddlewareapp=FastAPI()app.add_middleware(GZipMiddleware,minimum_size=1000,compresslevel=5)@app.get("/")asyncdefmain():return"somebigcontent"The following arguments are supported:
minimum_size- Do not GZip responses that are smaller than this minimum size in bytes. Defaults to500.compresslevel- Used during GZip compression. It is an integer ranging from 1 to 9. Defaults to9. Lower value results in faster compression but larger file sizes, while higher value results in slower compression but smaller file sizes.
Other middlewares¶
There are many other ASGI middlewares.
For example:
To see other available middlewares checkStarlette's Middleware docs and theASGI Awesome List.