From 9d19337b92e6cbf7b2404484c0a100b939d9ed94 Mon Sep 17 00:00:00 2001
From: Kevin London <kevinlondon@gmail.com>
Date: Sun, 4 Oct 2015 00:46:29 -0700
Subject: [PATCH] Set debug=False by default

This changes the app to run with DEBUG=False unless the environment variable for FLASK_DEBUG has been explicitly set. [Flask's docs](http://flask.pocoo.org/docs/0.10/quickstart/#debug-mode) include a note about how this should never be run on production with debug=True. [Patreon](http://labs.detectify.com/post/130332638391/how-patreon-got-hacked-publicly-exposed-werkzeug) was supposedly just hacked because one of their test servers had debug=True enabled so I think it makes sense to keep it disabled by default in the interest of security.
---
 app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app.py b/app.py
index 94b2471..90c6dd5 100644
--- a/app.py
+++ b/app.py
@@ -229,5 +229,5 @@ def get_redirect_uri(request):
     return 'https://{hostname}/submit'.format(hostname=parsed_url.hostname)
 
 if __name__ == '__main__':
-    app.debug = os.environ.get('FLASK_DEBUG', True)
+    app.debug = os.environ.get('FLASK_DEBUG', False)
     app.run(port=7000)