from django.http import JsonResponse, HttpResponse
import requests
def download_custom_award(request):
try:
custom_img = requests.get(request.GET.get('award'))
response = HttpResponse(custom_img.content, content_type='application/PNG')
filename = "Your_Award.png"
response['Content-Disposition'] = 'attachment; filename=%s' % (filename)
return response
except Exception as e:
return JsonResponse({'Status': 404, "message": e.message})
This developer was trying to force the browser to download a custom image rather than show it inline, so he coded an open reverse proxy and attempted to release it to a production web app. Also, all exceptions are trapped and shown to the user in plaintext in their browser.