Glossary coding Term Page

Trusted Host

Host header allowlist that blocks requests claiming unauthorized domains.

trusted-host #web-security#fastapi

Korean version

Aliases

trusted hosthost allowlist

Related Concepts

Security Headers CORS Preflight

Core Idea

Trusted host enforcement inspects the HTTP Host header and rejects requests whose value is not on the approved list. This stops Host header attacks that could poison caches or bypass virtual host routing.

Why It Matters Here

Starlette’s TrustedHostMiddleware gives FastAPI a single place to define allowed domains, complementing security headers and rate limiting. Treat it like an access control list that filters bogus domains before more expensive work runs.

Posts Mentioning This Concept

[FastAPI 시리즈 16편] CORS와 기본 보안 레이어 갖추기 프런트엔드 연동을 위한 CORS 설정과 헤더, 속도 제한, 기본 보안 헤더 적용 방법을 다룹니다.[FastAPI Series 16] Configuring CORS and a Basic Security Layer Learn how to safely connect your FastAPI backend to frontend applications by configuring CORS, setting up rate limits, and adding essential security headers.