include::../description.adoc[]

== Noncompliant Code Example

Flask
----
from flask import Response, request
from werkzeug.datastructures import Headers

@app.route('/route')
def route():
    content_type = request.args["Content-Type"]
    response = Response()
    headers = Headers()
    headers.add("Content-Type", content_type) # Noncompliant
    response.headers = headers
    return response
----

Django
----
import django.http

def route(request):
    content_type = request.GET.get("Content-Type")
    response = django.http.HttpResponse()
    response.__setitem__('Content-Type', content_type) # Noncompliant
    return response
----

== Compliant Solution

Flask
----
from flask import Response, request
from werkzeug.datastructures import Headers
import re

@app.route('/route')
def route():
    content_type = request.args["Content-Type"]    
    allowed_content_types = r'application/(pdf|json|xml)'    
    response = Response()    
    headers = Headers()    
    if re.match(allowed_content_types, content_type):        
        headers.add("Content-Type", content_type)  # Compliant    
    else:
        headers.add("Content-Type", "application/json")        
    response.headers = headers    
    return response
----
Django
----
import django.http
import re

def route(request):
    content_type = request.GET.get("Content-Type")
    allowed_content_types = r'application/(pdf|json|xml)' 
    response = django.http.HttpResponse() 
    if re.match(allowed_content_types, content_type): 
        response.__setitem__('Content-Type', content_type) # Compliant
    else:
        response.__setitem__('Content-Type', "application/json") 
    return response
----

include::../see.adoc[]