Trusted host middleware helps your app accept requests only from safe website addresses. It blocks requests from unknown or harmful sources.
from fastapi import FastAPI from starlette.middleware.trustedhost import TrustedHostMiddleware app = FastAPI() app.add_middleware( TrustedHostMiddleware, allowed_hosts=["example.com", "www.example.com"] )
The allowed_hosts list contains the hostnames your app trusts.
Use "*" to allow all hosts, but this disables protection.
myapp.com are accepted.app.add_middleware(
TrustedHostMiddleware,
allowed_hosts=["myapp.com"]
)app.add_middleware(
TrustedHostMiddleware,
allowed_hosts=["localhost", "127.0.0.1"]
)app.add_middleware(
TrustedHostMiddleware,
allowed_hosts=["*"]
)This FastAPI app only accepts requests where the host header is "example.com" or "www.example.com". Other hosts get blocked.
from fastapi import FastAPI from starlette.middleware.trustedhost import TrustedHostMiddleware from fastapi.responses import PlainTextResponse app = FastAPI() app.add_middleware( TrustedHostMiddleware, allowed_hosts=["example.com", "www.example.com"] ) @app.get("/") async def read_root(): return PlainTextResponse("Hello from trusted host!")
TrustedHostMiddleware returns a 400 error if the host is not allowed.
Make sure to include all domain variants your app uses (with and without www).
Use this middleware early in your middleware stack for best protection.
Trusted host middleware blocks requests from unknown hosts.
Configure it with a list of allowed hostnames.
It helps protect your app from host header attacks.