mirror of
https://github.com/comfyanonymous/ComfyUI.git
synced 2025-12-16 17:42:58 +08:00
--disable-api-nodes now sets CSP header to force frontend offline. (#10829)
parent
ecb683b057
commit
532938b16b
@ -160,7 +160,7 @@ parser.add_argument("--windows-standalone-build", action="store_true", help="Win
|
|||||||
parser.add_argument("--disable-metadata", action="store_true", help="Disable saving prompt metadata in files.")
|
parser.add_argument("--disable-metadata", action="store_true", help="Disable saving prompt metadata in files.")
|
||||||
parser.add_argument("--disable-all-custom-nodes", action="store_true", help="Disable loading all custom nodes.")
|
parser.add_argument("--disable-all-custom-nodes", action="store_true", help="Disable loading all custom nodes.")
|
||||||
parser.add_argument("--whitelist-custom-nodes", type=str, nargs='+', default=[], help="Specify custom node folders to load even when --disable-all-custom-nodes is enabled.")
|
parser.add_argument("--whitelist-custom-nodes", type=str, nargs='+', default=[], help="Specify custom node folders to load even when --disable-all-custom-nodes is enabled.")
|
||||||
parser.add_argument("--disable-api-nodes", action="store_true", help="Disable loading all api nodes.")
|
parser.add_argument("--disable-api-nodes", action="store_true", help="Disable loading all api nodes. Also prevents the frontend from communicating with the internet.")
|
||||||
|
|
||||||
parser.add_argument("--multi-user", action="store_true", help="Enables per-user storage.")
|
parser.add_argument("--multi-user", action="store_true", help="Enables per-user storage.")
|
||||||
|
|
||||||
|
|||||||
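Review bot: The new help text for `--disable-api-nodes` promises more than the change appears to deliver. Judging by the commit title, the restriction is a Content-Security-Policy header, which only constrains what a compliant browser will load or contact on behalf of the frontend; it does nothing about outbound requests made by the server process or by custom nodes. I would word it as `help="Disable loading all api nodes. Also sends a Content-Security-Policy header that restricts the frontend to same-origin resources."` so operators do not read the flag as network isolation.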
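--- a/server.py
+++ b/server.py
@@ -164,6 +164,22 @@ def create_origin_only_middleware():
 
 return origin_only_middleware
 
+
+def create_block_external_middleware():
+@web.middleware
+async def block_external_middleware(request: web.Request, handler):
+if request.method == "OPTIONS":
+# Pre-flight request. Reply successfully:
+response = web.Response()
+else:
+response = await handler(request)
+
+response.headers['Content-Security-Policy'] = "default-src 'self'; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self'; connect-src 'self'; frame-src 'self'; object-src 'self';"
+return response
+
+return block_external_middleware
+
+
 class PromptServer():
 def __init__(self, loop):
 PromptServer.instance = self
@@ -193,6 +209,9 @@ class PromptServer():
 else:
 middlewares.append(create_origin_only_middleware())
 
+if args.disable_api_nodes:
+middlewares.append(create_block_external_middleware())
+
 max_upload_size = round(args.max_upload_size * 1024 * 1024)
 self.app = web.Application(client_max_size=max_upload_size, middlewares=middlewares)
 self.sockets = dict()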
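Review bot: The policy string in `block_external_middleware` leaves outbound paths that `default-src 'self'` does not cover: `form-action` and `base-uri` have no fallback to `default-src`, so cross-origin form submission stays permitted while `script-src 'unsafe-inline'` still allows inline script. Appending `form-action 'self'; base-uri 'self';` would close that, and `object-src 'self'` could become `object-src 'none'` if the frontend embeds no plugin content. Separately, the header is assigned only on the value returned by `await handler(request)`; a response raised as `web.HTTPException` would pass through this middleware without the header unless the call is wrapped in a `try`/`except web.HTTPException` that sets the header on the exception and re-raises. A short comment above the string saying which frontend features need `'unsafe-inline'` and `blob:` would help whoever tightens the policy later.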