Address review feedback (1 comments)

orbisai0security 2026-05-13 08:26:42 +00:00
parent 5585cca20b
commit 0934c87a45


@ -84,7 +84,12 @@ class InternalRoutes:
if remote is None: if remote is None:
raise web.HTTPForbidden(reason="Internal endpoints are only accessible from localhost") raise web.HTTPForbidden(reason="Internal endpoints are only accessible from localhost")
try: try:
if not ipaddress.ip_address(remote).is_loopback: addr = ipaddress.ip_address(remote)
# Unwrap IPv4-mapped IPv6 addresses (e.g. ::ffff:127.0.0.1) so that
# is_loopback correctly evaluates the underlying IPv4 address.
if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
addr = addr.ipv4_mapped
if not addr.is_loopback:
raise web.HTTPForbidden(reason="Internal endpoints are only accessible from localhost") raise web.HTTPForbidden(reason="Internal endpoints are only accessible from localhost")
except ValueError: except ValueError:
raise web.HTTPForbidden(reason="Internal endpoints are only accessible from localhost") raise web.HTTPForbidden(reason="Internal endpoints are only accessible from localhost")
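Review bot: The gate at `if not addr.is_loopback:` is only as trustworthy as the source of `remote`, which is assigned outside this hunk. If it is the socket peer address, a reverse proxy or tunnel on the same host would make every forwarded request appear to come from 127.0.0.1; if it is derived from a forwarding header, the client controls it. I would state the assumption next to the check, e.g. `# remote must be the transport peer address, never a forwarded-for value; a same-host proxy makes all traffic look local`. The unwrap fails closed for unparsable input via the `except ValueError` branch, but tests should pin both directions: `::ffff:127.0.0.1` accepted, and a mapped non-loopback address such as `::ffff:10.0.0.1` rejected. The enclosing method starts and ends outside the hunk.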