🔖 Release 0.27.1

📝 Update release notes
🐛 Fix HTTP Bearer security auto-error (#282 )
2025-12-28 00:30:58 -05:00 · 2019-06-03 18:44:03 +04:00 · 2019-06-01 10:00:26 +04:00 · 2019-06-01 09:57:45 +04:00 · 2019-05-30 19:43:32 +04:00 · 2019-05-30 19:43:02 +04:00
5 changed files with 20 additions and 9 deletions
--- a/docs/release-notes.md
+++ b/docs/release-notes.md
@@ -1,4 +1,10 @@
-## Next release
+## Latest changes
+
+## 0.27.1
+
+* Fix `auto_error=False` handling in `HTTPBearer` security scheme. Do not `raise` when there's an incorrect `Authorization` header if `auto_error=False`. PR [#282](https://github.com/tiangolo/fastapi/pull/282).
+
+* Fix type declaration of `HTTPException`. PR [#279](https://github.com/tiangolo/fastapi/pull/279).

 ## 0.27.0

--- a/fastapi/init.py
+++ b/fastapi/init.py
@@ -1,6 +1,6 @@
 """FastAPI framework, high performance, easy to learn, fast to code, ready for production"""

-__version__ = "0.27.0"
+__version__ = "0.27.1"

 from starlette.background import BackgroundTasks

--- a/fastapi/exceptions.py
+++ b/fastapi/exceptions.py
@@ -1,10 +1,12 @@
+from typing import Any
+
 from pydantic import ValidationError
 from starlette.exceptions import HTTPException as StarletteHTTPException


 class HTTPException(StarletteHTTPException):
    def __init__(
-        self, status_code: int, detail: str = None, headers: dict = None
+        self, status_code: int, detail: Any = None, headers: dict = None
    ) -> None:
        super().__init__(status_code=status_code, detail=detail)
        self.headers = headers
--- a/fastapi/security/http.py
+++ b/fastapi/security/http.py
@@ -112,10 +112,13 @@ class HTTPBearer(HTTPBase):
            else:
                return None
        if scheme.lower() != "bearer":
-            raise HTTPException(
-                status_code=HTTP_403_FORBIDDEN,
-                detail="Invalid authentication credentials",
-            )
+            if self.auto_error:
+                raise HTTPException(
+                    status_code=HTTP_403_FORBIDDEN,
+                    detail="Invalid authentication credentials",
+                )
+            else:
+                return None
        return HTTPAuthorizationCredentials(scheme=scheme, credentials=credentials)


--- a/tests/test_security_http_bearer_optional.py
+++ b/tests/test_security_http_bearer_optional.py
@@ -64,5 +64,5 @@ def test_security_http_bearer_no_credentials():

 def test_security_http_bearer_incorrect_scheme_credentials():
    response = client.get("/users/me", headers={"Authorization": "Basic notreally"})
-    assert response.status_code == 403
-    assert response.json() == {"detail": "Invalid authentication credentials"}
+    assert response.status_code == 200
+    assert response.json() == {"msg": "Create an account first"}
Author	SHA1	Message	Date
Sebastián Ramírez	2a7ef5504a	🔖 Release 0.27.1	2019-06-03 18:44:03 +04:00
Sebastián Ramírez	27964c5ffd	📝 Update release notes	2019-06-01 10:00:26 +04:00
Sebastián Ramírez	d262f6e929	🐛 Fix HTTP Bearer security auto-error (#282 )	2019-06-01 09:57:45 +04:00
Sebastián Ramírez	d61f5e4b55	📝 Update release notes	2019-05-30 19:43:32 +04:00
Sebastián Ramírez	3ed112e8a9	🐛 Fix type declaration of HTTPException (#279 )	2019-05-30 19:43:02 +04:00