wangbo/ComfyUI-Manager
1
0
Fork 0
mirror of https://github.com/Comfy-Org/ComfyUI-Manager.git synced 2026-06-12 17:07:24 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

fix: guard against None request in reject_simple_form_post

Browse Source 
queue_batch() calls update_comfyui(None) as an internal trigger when
processing an 'update_comfyui' batch item. update_comfyui() passes this
directly to reject_simple_form_post(), which unconditionally accesses
request.content_type, crashing with:

    AttributeError: 'NoneType' object has no attribute 'content_type'

This broke the 'Update All' button in the legacy Manager UI.

Fix: return None early when request is None. An internal call with no
request object cannot be a cross-origin form POST, so CSRF gating does
not apply.

Fixes #2880
This commit is contained in:
Ismail Kattakath 2026-05-14 15:06:39 -04:00
parent 01799f8cac
commit d04a3b76af
No known key found for this signature in database
GPG Key ID: ADE19D0509C61718
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
comfyui_manager/common/manager_security.py
View File

@ -62,6 +62,8 @@ def reject_simple_form_post(request) -> Optional[web.Response]:
strips parameters), so a ``multipart/form-data; boundary=----X`` header
is compared as ``multipart/form-data``.
"""
if request is None:
return None
if request.content_type in _SIMPLE_FORM_CONTENT_TYPES:
return web.Response(
status=400,