
fastapi/tiangolo

Submitted by Style Pass, 2021-05-15 12:38:39


Visiting /docs or /redocs in the example application leaks browser fingerprint, IP address and referer headers to multiple third-party sites.

This leaks internal hostnames to two third-party sites, in addition to creating an artificial dependency on working DNS, SSL and networking to any FastAPI application. Per #382, although it is possible to self-host, the procedure involved is significantly less than convenient, sufficiently so that an alternative solution may be preferred over FastAPI.

There are two major problems with this default that would induce me to vocally discourage further use of the framework internally:
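An added example, not part of the original issue or of FastAPI's code: a standard-library check that lists the external origins a docs page's HTML makes the browser contact, which is where the IP address and Referer (and with it the internal hostname) end up. The sample pages, hostnames and the `third_party_origins` helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make the browser fetch a subresource on page load.
# Every <link href> is counted, so rel=canonical and similar are over-reported.
FETCHING_ATTRS = {"script": "src", "link": "href", "img": "src", "iframe": "src"}

class _SubresourceCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = FETCHING_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                self.urls.append(value)

def third_party_origins(page_url, html):
    """Return sorted origins, other than the page's own, that the HTML loads from."""
    own = urlsplit(page_url)
    collector = _SubresourceCollector()
    collector.feed(html)
    found = set()
    for raw in collector.urls:
        parts = urlsplit(urljoin(page_url, raw))  # resolves relative and //host URLs
        if parts.scheme not in ("http", "https"):
            continue  # data: and similar schemes cause no network request
        if (parts.scheme, parts.netloc) != (own.scheme, own.netloc):
            found.add(f"{parts.scheme}://{parts.netloc}")
    return sorted(found)

# Constructed sample pages; all hostnames are placeholders.
DEFAULT_STYLE_PAGE = """<html><head>
<link rel="stylesheet" href="https://cdn.example.net/swagger-ui.css">
<link rel="shortcut icon" href="https://framework.example.org/favicon.png">
</head><body><div id="swagger-ui"></div>
<script src="//cdn.example.net/swagger-ui-bundle.js"></script>
</body></html>"""

SELF_HOSTED_PAGE = """<html><head>
<link rel="stylesheet" href="/static/swagger-ui.css">
</head><body><div id="swagger-ui"></div>
<script src="/static/swagger-ui-bundle.js"></script>
</body></html>"""

if __name__ == "__main__":
    url = "https://api.internal.example/docs"
    print(third_party_origins(url, DEFAULT_STYLE_PAGE))
    print(third_party_origins(url, SELF_HOSTED_PAGE))
```

The check only sees subresources named in the served HTML; requests that scripts issue at runtime need a browser network trace or a Content-Security-Policy report to catch.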
