From 647b727ad8bf69dd8103a555b39987acde5ed4e2 Mon Sep 17 00:00:00 2001
From: Shubham <shubham11012008@gmail.com>
Date: Tue, 2 Jun 2026 10:30:02 +0530
Subject: [PATCH] Fix security vulnerability Issue 706 by removing hardcoded
 debug mode

---
 app.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app.py b/app.py
index a76c2d5..fa4d01b 100644
--- a/app.py
+++ b/app.py
@@ -54,6 +54,6 @@ def forbidden(error):
 
 
 if __name__ == "__main__":
-    # debug=True is only for local development.
-    # Never run with debug=True in a production deployment.
-    app.run(debug=True)
+    import os
+    debug_mode = os.environ.get("FLASK_DEBUG", "False").lower() in ("true", "1")
+    app.run(debug=debug_mode)