1580158
/
ComfyUI
mirror of https://github.com/comfyanonymous/ComfyUI
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix some issue with insecure browsers. (#13261) 

If you are on a recent chromium or chrome based browser this doesn't affect you.

This is to give time for the lazy firefox devs to implement PNA.
pull/13264/head
comfyanonymous 2026-04-02 13:39:34 -07:00 committed by GitHub
parent 0c63b4f6e3
commit 76b75f3ad7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
server.py
View File

@ -146,6 +146,10 @@ def is_loopback(host):
def create_origin_only_middleware():
@web.middleware
async def origin_only_middleware(request: web.Request, handler):
if 'Sec-Fetch-Site' in request.headers:
sec_fetch_site = request.headers['Sec-Fetch-Site']
if sec_fetch_site == 'cross-site':
return web.Response(status=403)
#this code is used to prevent the case where a random website can queue comfy workflows by making a POST to 127.0.0.1 which browsers don't prevent for some dumb reason.
#in that case the Host and Origin hostnames won't match
#I know the proper fix would be to add a cookie but this should take care of the problem in the meantime