class gafaelfawr.middleware.state.StateMiddleware(app, *, cookie_name, state_class)#

Bases: BaseHTTPMiddleware, Generic[T]

Middleware to read and update an encrypted state cookie.

If a cookie by the given name exists, it will be parsed by the given class and stored as request.state.cookie. If anything in that object is changed as determined by an equality comparison, the state will be converted back to a cookie and set in the response after the request is complete.

The cookie will be marked as HttpOnly and will be marked as Secure unless the application is running on localhost and not using TLS.

This middleware should run after XForwardedMiddleware since the results of that middleware are used to determine if the cookie should be marked as secure.

  • app (FastAPI) – The ASGI application.

  • cookie_name (str) – The name of the state cookie.

  • state_class (type[TypeVar(T, bound= BaseState)]) – The class to use to parse the cookie. Must be derived from BaseState.