Chapter 4: Middleware and the ASGI Pipeline
ASP.NET Core middleware wraps the request delegate. ASGI middleware does the same conceptual job: inspect or modify requests and responses around downstream handling.
Common Python middleware:
- CORS middleware.
- Trusted host middleware.
- HTTPS redirect middleware, depending on deployment.
- Session middleware for cookie-backed browser sessions.
- Custom correlation ID or request logging middleware.
Example:
from fastapi import FastAPI, Request
from starlette.middleware.cors import CORSMiddleware
app = FastAPI()
app.add_middleware(
CORSMiddleware,
allow_origins=["https://recipes.example.com"],
allow_credentials=True,
allow_methods=["GET", "POST", "PUT", "DELETE"],
allow_headers=["Authorization", "Content-Type"],
)
@app.middleware("http")
async def add_request_id(request: Request, call_next):
request_id = request.headers.get("x-request-id", "generated-later")
response = await call_next(request)
response.headers["x-request-id"] = request_id
return responseBest practice:
- Keep middleware small.
- Use dependencies for endpoint-specific behavior.
- Use middleware for truly cross-cutting behavior.
- Be careful with request body reads inside middleware; body streams can be consumed.
- Put proxy, HTTPS, host, and CORS decisions in deployment-aware configuration.