Fastapi

Features

* ✨ Add support for extensions and updates to the OpenAPI schema in each *path operation*. New docs: [FastAPI Path Operation Advanced Configuration - OpenAPI Extra](https://fastapi.tiangolo.com/advanced/path-operation-advanced-configuration/#openapi-extra). Initial PR [1922](https://github.com/tiangolo/fastapi/pull/1922) by [edouardlp](https://github.com/edouardlp).
* ✨ Add additonal OpenAPI metadata parameters to `FastAPI` class, shown on the automatic API docs UI. New docs: [Metadata and Docs URLs](https://fastapi.tiangolo.com/tutorial/metadata/). Initial PR [#1812](https://github.com/tiangolo/fastapi/pull/1812) by [dkreeft](https://github.com/dkreeft).
* ✨ Add `description` parameter to all the security scheme classes, e.g. `APIKeyQuery(name="key", description="A very cool API key")`. PR [1757](https://github.com/tiangolo/fastapi/pull/1757) by [hylkepostma](https://github.com/hylkepostma).
* ✨ Update OpenAPI models, supporting recursive models and extensions. PR [3628](https://github.com/tiangolo/fastapi/pull/3628) by [tiangolo](https://github.com/tiangolo).
* ✨ Import and re-export data structures from Starlette, used by Request properties, on `fastapi.datastructures`. Initial PR [1872](https://github.com/tiangolo/fastapi/pull/1872) by [jamescurtin](https://github.com/jamescurtin).

Docs

* 📝 Update docs about async and response-model with more gender neutral language. PR [1869](https://github.com/tiangolo/fastapi/pull/1869) by [Edward-Knight](https://github.com/Edward-Knight).

Translations

* 🌐 Add Russian translation for `docs/python-types.md`. PR [3039](https://github.com/tiangolo/fastapi/pull/3039) by [dukkee](https://github.com/dukkee).
* 🌐 Add Chinese translation for `docs/tutorial/dependencies/index.md`. PR [3489](https://github.com/tiangolo/fastapi/pull/3489) by [jaystone776](https://github.com/jaystone776).
* 🌐 Add Russian translation for `docs/external-links.md`. PR [3036](https://github.com/tiangolo/fastapi/pull/3036) by [dukkee](https://github.com/dukkee).
* 🌐 Add Chinese translation for `docs/tutorial/dependencies/global-dependencies.md`. PR [3493](https://github.com/tiangolo/fastapi/pull/3493) by [jaystone776](https://github.com/jaystone776).
* 🌐 Add Portuguese translation for `docs/deployment/versions.md`. PR [3618](https://github.com/tiangolo/fastapi/pull/3618) by [lsglucas](https://github.com/lsglucas).
* 🌐 Add Japanese translation for `docs/tutorial/security/oauth2-jwt.md`. PR [3526](https://github.com/tiangolo/fastapi/pull/3526) by [sattosan](https://github.com/sattosan).

Internal

* ✅ Add the `docs_src` directory to test coverage and update tests. Initial PR [1904](https://github.com/tiangolo/fastapi/pull/1904) by [Kludex](https://github.com/Kludex).
* 🔧 Add new GitHub templates with forms for new issues. PR [3612](https://github.com/tiangolo/fastapi/pull/3612) by [tiangolo](https://github.com/tiangolo).
* 📝 Add official FastAPI Twitter to docs: [fastapi](https://twitter.com/fastapi). PR [#3578](https://github.com/tiangolo/fastapi/pull/3578) by [tiangolo](https://github.com/tiangolo).

Features

* ✨ Add support for `dataclasses` in request bodies and `response_model`. New documentation: [Advanced User Guide - Using Dataclasses](https://fastapi.tiangolo.com/advanced/dataclasses/). PR [#3577](https://github.com/tiangolo/fastapi/pull/3577) by [tiangolo](https://github.com/tiangolo).
* ✨ Support `dataclasses` in responses. PR [3576](https://github.com/tiangolo/fastapi/pull/3576) by [tiangolo](https://github.com/tiangolo), continuation from initial PR [#2722](https://github.com/tiangolo/fastapi/pull/2722) by [amitlissack](https://github.com/amitlissack).

Docs

* 📝 Add external link: How to Create A Fake Certificate Authority And Generate TLS Certs for FastAPI. PR [2839](https://github.com/tiangolo/fastapi/pull/2839) by [aitoehigie](https://github.com/aitoehigie).
* ✏ Fix code highlighted line in: `body-nested-models.md`. PR [3463](https://github.com/tiangolo/fastapi/pull/3463) by [jaystone776](https://github.com/jaystone776).
* ✏ Fix typo in `body-nested-models.md`. PR [3462](https://github.com/tiangolo/fastapi/pull/3462) by [jaystone776](https://github.com/jaystone776).
* ✏ Fix typo "might me" -> "might be" in `docs/en/docs/tutorial/schema-extra-example.md`. PR [3362](https://github.com/tiangolo/fastapi/pull/3362) by [dbrakman](https://github.com/dbrakman).
* 📝 Add external link: Building simple E-Commerce with NuxtJS and FastAPI. PR [3271](https://github.com/tiangolo/fastapi/pull/3271) by [ShahriyarR](https://github.com/ShahriyarR).
* 📝 Add external link: Serve a machine learning model using Sklearn, FastAPI and Docker. PR [2974](https://github.com/tiangolo/fastapi/pull/2974) by [rodrigo-arenas](https://github.com/rodrigo-arenas).
* ✏️ Fix typo on docstring in datastructures file. PR [2887](https://github.com/tiangolo/fastapi/pull/2887) by [Kludex](https://github.com/Kludex).
* 📝 Add External Link: Deploy FastAPI on Ubuntu and Serve using Caddy 2 Web Server. PR [3572](https://github.com/tiangolo/fastapi/pull/3572) by [tiangolo](https://github.com/tiangolo).
* 📝 Add External Link, replaces 1898. PR [3571](https://github.com/tiangolo/fastapi/pull/3571) by [tiangolo](https://github.com/tiangolo).

Internal

* 🎨 Improve style for sponsors, add radius border. PR [2388](https://github.com/tiangolo/fastapi/pull/2388) by [Kludex](https://github.com/Kludex).
* 👷 Update GitHub Action latest-changes. PR [3574](https://github.com/tiangolo/fastapi/pull/3574) by [tiangolo](https://github.com/tiangolo).
* 👷 Update GitHub Action latest-changes. PR [3573](https://github.com/tiangolo/fastapi/pull/3573) by [tiangolo](https://github.com/tiangolo).
* 👷 Rename and clarify CI workflow job names. PR [3570](https://github.com/tiangolo/fastapi/pull/3570) by [tiangolo](https://github.com/tiangolo).
* 👷 Update GitHub Action latest-changes, strike 2 ⚾. PR [3575](https://github.com/tiangolo/fastapi/pull/3575) by [tiangolo](https://github.com/tiangolo).
* 🔧 Sort external links in docs to have the most recent at the top. PR [3568](https://github.com/tiangolo/fastapi/pull/3568) by [tiangolo](https://github.com/tiangolo).

Translations

* 🌐 Add basic setup for German translations. PR [3522](https://github.com/tiangolo/fastapi/pull/3522) by [0x4Dark](https://github.com/0x4Dark).
* 🌐 Add Portuguese translation for `docs/tutorial/security/index.md`. PR [3507](https://github.com/tiangolo/fastapi/pull/3507) by [oandersonmagalhaes](https://github.com/oandersonmagalhaes).
* 🌐 Add Portuguese translation for `docs/deployment/index.md`. PR [3337](https://github.com/tiangolo/fastapi/pull/3337) by [lsglucas](https://github.com/lsglucas).

Internal

* 🔧 Configure strict pytest options and update/refactor tests. Upgrade pytest to `>=6.2.4,<7.0.0` and pytest-cov to `>=2.12.0,<3.0.0`. Initial PR [2790](https://github.com/tiangolo/fastapi/pull/2790) by [graingert](https://github.com/graingert).
* ⬆️ Upgrade python-jose dependency to `>=3.3.0,<4.0.0` for tests. PR [3468](https://github.com/tiangolo/fastapi/pull/3468) by [tiangolo](https://github.com/tiangolo).

Features

* ✨ Allow setting the `response_class` to `RedirectResponse` or `FileResponse` and returning the URL from the function. New and updated docs are in the tutorial section **Custom Response - HTML, Stream, File, others**, in [RedirectResponse](https://fastapi.tiangolo.com/advanced/custom-response/#redirectresponse) and in [FileResponse](https://fastapi.tiangolo.com/advanced/custom-response/#fileresponse). PR [3457](https://github.com/tiangolo/fastapi/pull/3457) by [tiangolo](https://github.com/tiangolo).

Fixes

* 🐛 Fix include/exclude for dicts in `jsonable_encoder`. PR [2016](https://github.com/tiangolo/fastapi/pull/2016) by [Rubikoid](https://github.com/Rubikoid).
* 🐛 Support custom OpenAPI / JSON Schema fields in the generated output OpenAPI. PR [1429](https://github.com/tiangolo/fastapi/pull/1429) by [jmagnusson](https://github.com/jmagnusson).

Translations

* 🌐 Add Spanish translation for `tutorial/query-params.md`. PR [2243](https://github.com/tiangolo/fastapi/pull/2243) by [mariacamilagl](https://github.com/mariacamilagl).
* 🌐 Add Spanish translation for `advanced/response-directly.md`. PR [1253](https://github.com/tiangolo/fastapi/pull/1253) by [jfunez](https://github.com/jfunez).
* 🌐 Add Spanish translation for `advanced/additional-status-codes.md`. PR [1252](https://github.com/tiangolo/fastapi/pull/1252) by [jfunez](https://github.com/jfunez).
* 🌐 Add Spanish translation for `advanced/path-operation-advanced-configuration.md`. PR [1251](https://github.com/tiangolo/fastapi/pull/1251) by [jfunez](https://github.com/jfunez).

Fixes

* ♻ Assume request bodies contain JSON when no Content-Type header is provided. This fixes a breaking change introduced by [0.65.2 with PR 2118](https://github.com/tiangolo/fastapi/pull/2118). It should allow upgrading FastAPI applications with clients that send JSON data without a `Content-Type` header. And there's still protection against CSRFs. PR [#3456](https://github.com/tiangolo/fastapi/pull/3456) by [tiangolo](https://github.com/tiangolo).

Translations

* 🌐 Initialize Indonesian translations. PR [3014](https://github.com/tiangolo/fastapi/pull/3014) by [pace-noge](https://github.com/pace-noge).
* 🌐 Add Spanish translation of Tutorial - Path Parameters. PR [2219](https://github.com/tiangolo/fastapi/pull/2219) by [mariacamilagl](https://github.com/mariacamilagl).
* 🌐 Add Spanish translation of Tutorial - First Steps. PR [2208](https://github.com/tiangolo/fastapi/pull/2208) by [mariacamilagl](https://github.com/mariacamilagl).
* 🌐 Portuguese translation of Tutorial - Body - Fields. PR [3420](https://github.com/tiangolo/fastapi/pull/3420) by [ComicShrimp](https://github.com/ComicShrimp).
* 🌐 Add Chinese translation for Tutorial - Request - Forms - and - Files. PR [3249](https://github.com/tiangolo/fastapi/pull/3249) by [jaystone776](https://github.com/jaystone776).
* 🌐 Add Chinese translation for Tutorial - Handling - Errors. PR [3299](https://github.com/tiangolo/fastapi/pull/3299) by [jaystone776](https://github.com/jaystone776).
* 🌐 Add Chinese translation for Tutorial - Form - Data. PR [3248](https://github.com/tiangolo/fastapi/pull/3248) by [jaystone776](https://github.com/jaystone776).
* 🌐 Add Chinese translation for Tutorial - Body - Updates. PR [3237](https://github.com/tiangolo/fastapi/pull/3237) by [jaystone776](https://github.com/jaystone776).
* 🌐 Add Chinese translation for FastAPI People. PR [3112](https://github.com/tiangolo/fastapi/pull/3112) by [hareru](https://github.com/hareru).
* 🌐 Add French translation for Project Generation. PR [3197](https://github.com/tiangolo/fastapi/pull/3197) by [Smlep](https://github.com/Smlep).
* 🌐 Add French translation for Python Types Intro. PR [3185](https://github.com/tiangolo/fastapi/pull/3185) by [Smlep](https://github.com/Smlep).
* 🌐 Add French translation for External Links. PR [3103](https://github.com/tiangolo/fastapi/pull/3103) by [Smlep](https://github.com/Smlep).
* 🌐 Add French translation for Alternatives, Inspiration and Comparisons. PR [3020](https://github.com/tiangolo/fastapi/pull/3020) by [rjNemo](https://github.com/rjNemo).
* 🌐 Fix Chinese translation code snippet mismatch in Tutorial - Python Types Intro. PR [2573](https://github.com/tiangolo/fastapi/pull/2573) by [BoYanZh](https://github.com/BoYanZh).
* 🌐 Add Portuguese translation for Development Contributing. PR [1364](https://github.com/tiangolo/fastapi/pull/1364) by [Serrones](https://github.com/Serrones).
* 🌐 Add Chinese translation for Tutorial - Request - Files. PR [3244](https://github.com/tiangolo/fastapi/pull/3244) by [jaystone776](https://github.com/jaystone776).

Internal

* 👥 Update FastAPI People. PR [3450](https://github.com/tiangolo/fastapi/pull/3450) by [github-actions[bot]](https://github.com/apps/github-actions).
* 👥 Update FastAPI People. PR [3319](https://github.com/tiangolo/fastapi/pull/3319) by [github-actions[bot]](https://github.com/apps/github-actions).
* ⬆ Upgrade docs development dependency on `typer-cli` to >=0.0.12 to fix conflicts. PR [3429](https://github.com/tiangolo/fastapi/pull/3429) by [tiangolo](https://github.com/tiangolo).

Security fixes

* 🔒 Check Content-Type request header before assuming JSON. Initial PR [2118](https://github.com/tiangolo/fastapi/pull/2118) by [patrickkwang](https://github.com/patrickkwang).

This change fixes a [CSRF](https://en.wikipedia.org/wiki/Cross-site_request_forgery) security vulnerability when using cookies for authentication in path operations with JSON payloads sent by browsers.

In versions lower than `0.65.2`, FastAPI would try to read the request payload as JSON even if the `content-type` header sent was not set to `application/json` or a compatible JSON media type (e.g. `application/geo+json`).

So, a request with a content type of `text/plain` containing JSON data would be accepted and the JSON data would be extracted.

But requests with content type `text/plain` are exempt from [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) preflights, for being considered [Simple requests](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests). So, the browser would execute them right away including cookies, and the text content could be a JSON string that would be parsed and accepted by the FastAPI application.

See [CVE-2021-32677](https://github.com/tiangolo/fastapi/security/advisories/GHSA-8h2j-cgx8-6xv7) for more details.

Thanks to [Dima Boger](https://twitter.com/b0g3r) for the security report! 🙇🔒

Internal

* 🔧 Update sponsors badge, course bundle. PR [3340](https://github.com/tiangolo/fastapi/pull/3340) by [tiangolo](https://github.com/tiangolo).
* 🔧 Add new gold sponsor Jina 🎉. PR [3291](https://github.com/tiangolo/fastapi/pull/3291) by [tiangolo](https://github.com/tiangolo).
* 🔧 Add new banner sponsor badge for FastAPI courses bundle. PR [3288](https://github.com/tiangolo/fastapi/pull/3288) by [tiangolo](https://github.com/tiangolo).
* 👷 Upgrade Issue Manager GitHub Action. PR [3236](https://github.com/tiangolo/fastapi/pull/3236) by [tiangolo](https://github.com/tiangolo).