
Why Trusted host middleware in FastAPI? - Purpose & Use Cases

The Big Idea

What if a simple middleware could protect your app from sneaky fake hosts without extra code?

The Scenario

Imagine you run a web app and want to make sure only requests whose Host header names your official website or another trusted domain get through.

You try to check the request's host manually in every route handler.

The Problem

Manually checking hosts everywhere is tiring and easy to forget.

It can lead to security holes if a route misses the check.

Also, it clutters your code and slows down development.

The Solution

Trusted host middleware automatically rejects requests whose Host header is not on your approved list, before they reach your app.

This keeps your app safe and your code clean.

Before vs After
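Before
# Repeated inside every route handler
if request.headers.get('host') not in allowed_hosts:
    return Response(status_code=400)
After
from fastapi import FastAPI
from fastapi.middleware.trustedhost import TrustedHostMiddleware

app = FastAPI()
# Requests whose Host header is not listed get a 400 response before any route runs
app.add_middleware(TrustedHostMiddleware, allowed_hosts=['example.com', 'www.example.com'])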
What It Enables

You can focus on building features while the middleware guards your app from bad hosts.

Real Life Example

A company wants to ensure that only requests whose Host header names one of its official domains reach its API, with all others blocked automatically.

Key Takeaways

Manual host checks are error-prone and repetitive.

Trusted host middleware centralizes and automates host validation.

This improves security and keeps your code simple.