|
32 | 32 | - [4. Create endpoints](#4-create-endpoints) |
33 | 33 | - [5. Write tests](#5-write-tests) |
34 | 34 | - [Deployment strategies - via Docker image](#deployment-strategies---via-docker-image) |
| 35 | + - [Docs URL, CORS and Allowed Hosts](#docs-url-cors-and-allowed-hosts) |
35 | 36 |
|
36 | 37 | ## Features |
37 | 38 |
|
@@ -92,8 +93,11 @@ bash init.sh |
92 | 93 | ### And this is it: |
93 | 94 | uvicorn app.main:app --reload |
94 | 95 |
|
95 | | -# Then probably - use git init to initialize git repository |
| 96 | +# You can access docs on by default |
| 97 | +# |
96 | 98 | ``` |
| 99 | +You should then use `git init` to initialize git repository and access OpenAPI spec at http://localhost:8000/ by default. To customize docs url, cors and allowed hosts settings, read section about it. |
| 100 | + |
97 | 101 |
|
98 | 102 | ### Running tests |
99 | 103 |
|
@@ -379,3 +383,43 @@ This template has by default included `Dockerfile` with [Nginx Unit](https://uni |
379 | 383 | `nginx-unit-config.json` file included in main folder has some default configuration options, runs app in single process and thread. More info about config file here https://unit.nginx.org/configuration/#python and about also read howto for FastAPI: https://unit.nginx.org/howto/fastapi/. |
380 | 384 |
|
381 | 385 | If you prefer other webservers for FastAPI, check out [Daphne](https://github.com/django/daphne), [Hypercorn](https://pgjones.gitlab.io/hypercorn/index.html) or [Uvicorn](https://www.uvicorn.org/). |
| 386 | + |
| 387 | +## Docs URL, CORS and Allowed Hosts |
| 388 | + |
| 389 | +There are some **opinionated** default settings in `/app/main.py` for documentation, CORS and allowed hosts. |
| 390 | + |
| 391 | +1. Docs |
| 392 | + |
| 393 | + ```python |
| 394 | + app = FastAPI( |
| 395 | + title=config.settings.PROJECT_NAME, |
| 396 | + version=config.settings.VERSION, |
| 397 | + description=config.settings.DESCRIPTION, |
| 398 | + openapi_url="/openapi.json", |
| 399 | + docs_url="/", |
| 400 | + ) |
| 401 | + ``` |
| 402 | + Docs page is simpy `/` (by default in FastAPI it is `/docs`). Title, version and description are taken directly from `config` and then directly from `pyproject.toml` file. You can change it completely for the project, remove or use environment variables `PROJECT_NAME`, `VERSION`, `DESCRIPTION`. |
| 403 | + |
| 404 | +2. CORS |
| 405 | + |
| 406 | + ```python |
| 407 | + app.add_middleware( |
| 408 | + CORSMiddleware, |
| 409 | + allow_origins=[str(origin) for origin in config.settings.BACKEND_CORS_ORIGINS], |
| 410 | + allow_credentials=True, |
| 411 | + allow_methods=["*"], |
| 412 | + allow_headers=["*"], |
| 413 | + ) |
| 414 | + ``` |
| 415 | + |
| 416 | + If you are not sure what are CORS for, follow https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS. React and most frontend frameworks nowadays operate on `localhost:3000` thats why it's included in `BACKEND_CORS_ORIGINS` in .env file, before going production be sure to include and frontend domain here, like `my-fontend-app.example.com` |
| 417 | + |
| 418 | +3. Allowed Hosts |
| 419 | + |
| 420 | + ```python |
| 421 | + app.add_middleware(TrustedHostMiddleware, allowed_hosts=config.settings.ALLOWED_HOSTS) |
| 422 | + ``` |
| 423 | + |
| 424 | + Prevents HTTP Host Headers attack, you shoud put here you server IP or (preferably) full domain under it's accessible like `example.com`. By default in .env there are two most popular records: `ALLOWED_HOSTS=["localhost", "127.0.0.1"]` |
| 425 | + |
0 commit comments