from django.http import JsonResponse, HttpResponse
import requests

def download_custom_award(request):
    try:
        custom_img = requests.get(request.GET.get('award'))
        response = HttpResponse(custom_img.content, content_type='application/PNG')
        filename = "Your_Award.png"
        response['Content-Disposition'] = 'attachment; filename=%s' % (filename)
        return response
    except Exception as e:
        return JsonResponse({'Status': 404, "message": e.message})

This developer was trying to force the browser to download a custom image rather than show it inline, so he coded an open reverse proxy and attempted to release it to a production web app. Also, all exceptions are trapped and shown to the user in plaintext in their browser.

By Anonymous, 2020-05-26 10:38:31