mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-06 19:35:13 +02:00
10 lines
306 B
Python
10 lines
306 B
Python
# Unsafe: Flask response.headers.add receives a value built from request
|
|
# args. HEADER_INJECTION fires on the value argument.
|
|
from flask import request, make_response
|
|
|
|
|
|
def handler():
|
|
lang = request.args.get("lang")
|
|
resp = make_response("ok")
|
|
resp.headers.add("X-Lang", lang)
|
|
return resp
|