From e537aa32f0ac19591fe90269e3469a3e255c6e78 Mon Sep 17 00:00:00 2001
From: Joey Perrott
Date: Thu, 4 Jun 2026 22:00:25 +0000
Subject: [PATCH] fix(apps): prevent reflected XSS via un-encoded response
---
 apps/functions/dns-redirecting/index.ts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/apps/functions/dns-redirecting/index.ts b/apps/functions/dns-redirecting/index.ts
index 00aa7c2690..ebe988283d 100644
--- a/apps/functions/dns-redirecting/index.ts
+++ b/apps/functions/dns-redirecting/index.ts
@@ -64,6 +64,7 @@ export const dnsRedirecting = functions.https.onRequest(
 } else {
 // If no redirect is matched, we return a failure message
 response.status(404);
+ response.type('text/plain');
 response.send(
 `No redirect defined for ${request.protocol}://${request.hostname}${request.originalUrl}`,
 );
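Review bot: The added `response.type('text/plain')` in the 404 branch depends on the client honouring the declared type, and nothing in the hunk disables content sniffing or records why the line is there, while the body still echoes `request.hostname` and `request.originalUrl`, both of which are request-controlled. I would put `response.set('X-Content-Type-Options', 'nosniff');` next to it, with a comment such as `// Body reflects request-controlled values; force text/plain so it is never rendered as HTML.` so the line is not dropped in a later cleanup. The diffstat shows one file and one insertion, so the patch carries no regression test asserting the Content-Type of the 404 response; one would be worth adding. The `dnsRedirecting` handler starts and ends outside this hunk, so the matched-redirect branch was not reviewed here.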