Regression in the `exclude` parameter for `pydantic` `Field` #14252

walsha2 · 2025-10-30T00:05:21Z

walsha2
Oct 30, 2025

First Check

I added a very descriptive title here.
I used the GitHub search to find a similar question and didn't find it.
I searched the FastAPI documentation, with the integrated search.
I already searched in Google "How to X in FastAPI" and didn't find any information.
I already read and followed all the tutorial in the docs and didn't find an answer.
I already checked if it is not related to FastAPI but to Pydantic.
I already checked if it is not related to FastAPI but to Swagger UI.
I already checked if it is not related to FastAPI but to ReDoc.

Commit to Help

I commit to help with one of those options 👆

Example Code

import json

from fastapi import FastAPI
from pydantic import BaseModel, Field


class DatabaseFieldInfo(BaseModel):
    name: str = Field(
        default="",
        description="Name of the field in the Database collection",
    )


class DatabaseCollectionInfo(BaseModel):
    name: str = Field(
        description="Name of the Database collection",
    )
    description: str = Field(
        default="",
        description="Description of the Database collection",
    )
    fields: list[DatabaseFieldInfo] = Field(
        default_factory=list,
        description="List of fields in the Database collection",
        json_schema_extra={"default": []},
        exclude=True,
    )


app = FastAPI(title="Minimal FastAPI App", version="1.0.0")


@app.get("/collection", response_model=DatabaseCollectionInfo)
async def get_collection_info() -> DatabaseCollectionInfo:
    return DatabaseCollectionInfo(name="example_collection", fields=[])


if __name__ == "__main__":
    openapi_spec = app.openapi()
    print(json.dumps(openapi_spec, indent=2))

Description

Running the example provide will result in the following output.

Note that fields is set to be exclude=True and it is indeed excluded from the DatabaseCollectionInfo schema, BUT the DatabaseFieldInfo is still rendered in the components list even though it is never used in the API footprint.

This is a regression and was working in 0.118.3, but is no longer working in 0.120.2

{
  "openapi": "3.1.0",
  "info": {
    "title": "Minimal FastAPI App",
    "version": "1.0.0"
  },
  "paths": {
    "/collection": {
      "get": {
        "summary": "Get Collection Info",
        "operationId": "get_collection_info_collection_get",
        "responses": {
          "200": {
            "description": "Successful Response",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/DatabaseCollectionInfo"
                }
              }
            }
          }
        }
      }
    }
  },
  "components": {
    "schemas": {
      "DatabaseCollectionInfo": {
        "properties": {
          "name": {
            "type": "string",
            "title": "Name",
            "description": "Name of the Database collection"
          },
          "description": {
            "type": "string",
            "title": "Description",
            "description": "Description of the Database collection",
            "default": ""
          }
        },
        "type": "object",
        "required": [
          "name"
        ],
        "title": "DatabaseCollectionInfo"
      },
      "DatabaseFieldInfo": {
        "properties": {
          "name": {
            "type": "string",
            "title": "Name",
            "description": "Name of the field in the Database collection",
            "default": ""
          }
        },
        "type": "object",
        "title": "DatabaseFieldInfo"
      }
    }
  }
}

Operating System

macOS

Operating System Details

No response

FastAPI Version

0.120.2

Pydantic Version

2.12.3

Python Version

Python 3.13.1

Additional Context

Why is this problematic? Setting exclude=True is useful when you need to prevent implementation details from being exposed to the outside world, e.g. via the OpenAPI spec.

But in this regression, even though exclude is set and it is indeed excluded from the parent schema, the nested schemas associated with it are still exposed and can leak details that the API author does not want to expose in the spec, even if the data is not returned by the API.

YuriiMotov · 2025-10-30T08:46:55Z

YuriiMotov
Oct 30, 2025
Collaborator

Minimized code example:

from fastapi import FastAPI
from pydantic import BaseModel, Field


class A(BaseModel):
    name: str = ""

class B(BaseModel):
    name: str
    a: A = Field(exclude=True)

app = FastAPI()


@app.get("/")
async def get_b() -> B:
    return B(name="example", a=A(name="example"))


def test_a_not_in_schemas():
    openapi = app.openapi()
    assert "A" not in openapi["components"]["schemas"].keys()
    # AssertionError: assert 'A' not in dict_keys(['A', 'B'])

So, A schema is not used, but it's included in components

0 replies

superboum · 2025-12-01T14:55:12Z

superboum
Dec 1, 2025

Using your minimized code example, I ran git bisect and found this commit as being the culprit:

d34918abf00c93ac592c5d1d1c55650d8c1b92ec is the first bad commit
commit d34918abf00c93ac592c5d1d1c55650d8c1b92ec
Author: Sebastián Ramírez <[email protected]>
Date:   Sat Oct 11 18:45:54 2025 +0200

    ✨ Add support for `from pydantic.v1 import BaseModel`, mixed Pydantic v1 and v2 models in the same app (#14168)

And the associated PR: #14168

I got a look at get_compat_model_name_map() for pydantic v2 on both good (0.118.3) and bad (0.119.0) versions:

On 0.118.3, it always returns an empty dict: https://github.com/fastapi/fastapi/blob/0.118.3/fastapi/_compat.py#L222-L223
On 0.119.0, it runs some logic including fetching/referencing excluded models: https://github.com/fastapi/fastapi/blob/0.119.0/fastapi/_compat/main.py#L215-L224

Applying the following patch makes @YuriiMotov code example works:

diff --git a/fastapi/_compat/v2.py b/fastapi/_compat/v2.py
index 29606b9f..51540e25 100644
--- a/fastapi/_compat/v2.py
+++ b/fastapi/_compat/v2.py
@@ -375,6 +375,7 @@ def get_model_fields(model: Type[BaseModel]) -> List[ModelField]:
     return [
         ModelField(field_info=field_info, name=name)
         for name, field_info in model.model_fields.items()
+        if not field_info.exclude
     ]

The issue lies in how pydantic.schemas.FieldInfo is not kept along the fastapi._compat.v2 logic but, instead, is rebuilt without the proper information.

For now, I'm monkey patching FastAPI like that:

def monkey_patch_fastapi_openapi_exclude() -> None:
    import logging

    import fastapi._compat.v2
    from pydantic import BaseModel

    def get_model_fields(model: type[BaseModel]) -> list[fastapi._compat.v2.ModelField]:
        return [
            fastapi._compat.v2.ModelField(field_info=field_info, name=name)
            for name, field_info in model.model_fields.items()
            if not field_info.exclude
        ]

    fastapi._compat.v2.get_model_fields = get_model_fields
    logging.info("fastapi._compat.v2.get_model_fields is monkey patched to support Field(exclude=True)")


monkey_patch_fastapi_openapi_exclude()

1 reply

YuriiMotov Dec 5, 2025
Collaborator

@superboum, thank you for investigation and proposed patch!

I took a look at this issue and I here is what I found out:

The patch you proposed fixes the issue and doesn't break any existing tests, but I think this approach is wrong:
- get_model_fields is used not only for schema generation logic, but also in solve_dependency. Changing it may lead to issues in the future
- there is also exclude_if parameter alternative to exclude
This issue is also relevant to FastAPI with Pydantic V1 and with V1 it fails even on FastAPI less than 0.119.0. So, it probably never worked this way with Pydantic V1.

Considering it's officially announced that FastAPI will drop the support of Pydantic V1 soon and this issue shouldn't be a problem in migrating from Pydantic V1 to Pydantic V2 (since this never worked with Pydantic V1), I think we should just wait for dropping the Pydantic V1 support. Then the logic will likely be reverted to the one used before 0.119.0 and problem will be resolved.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Regression in the `exclude` parameter for `pydantic` `Field` #14252

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 2 comments 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

Regression in the exclude parameter for pydantic Field #14252

Uh oh!

Uh oh!

walsha2 Oct 30, 2025

First Check

Commit to Help

Example Code

Description

Operating System

Operating System Details

FastAPI Version

Pydantic Version

Python Version

Additional Context

Replies: 2 comments · 1 reply

Uh oh!

Uh oh!

YuriiMotov Oct 30, 2025 Collaborator

Uh oh!

Uh oh!

superboum Dec 1, 2025

Uh oh!

YuriiMotov Dec 5, 2025 Collaborator

Regression in the `exclude` parameter for `pydantic` `Field` #14252

walsha2
Oct 30, 2025

Replies: 2 comments 1 reply

YuriiMotov
Oct 30, 2025
Collaborator

superboum
Dec 1, 2025

YuriiMotov Dec 5, 2025
Collaborator