From 6a55db07664bbabb66e3a1b8e3e66c4e6d6562b2 Mon Sep 17 00:00:00 2001 From: Andray Date: Sun, 3 May 2026 08:49:42 +0400 Subject: [PATCH 1/2] fix comfy manager (--enable-manager) doesn't work when --disable-api-nodes is used (Content-Security-Policy error) --- server.py | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/server.py b/server.py index 881da8e66..ddef6b1b4 100644 --- a/server.py +++ b/server.py @@ -192,8 +192,18 @@ def create_block_external_middleware(): response = web.Response() else: response = await handler(request) - - response.headers['Content-Security-Policy'] = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self'; connect-src 'self' data:; frame-src 'self'; object-src 'self';" + connectSrc = "'self' data:" + if args.enable_manager: + connectSrc += " https://api.comfy.org" + response.headers['Content-Security-Policy'] = ( + "default-src 'self'; " + "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; " + "style-src 'self' 'unsafe-inline'; " + "img-src 'self' data: blob:; " + "font-src 'self'; " + f"connect-src {connectSrc}; " + "frame-src 'self'; " + "object-src 'self';") return response return block_external_middleware From 434e6769152824fe4735c3551518a923d9890ff5 Mon Sep 17 00:00:00 2001 From: Andray Date: Sun, 3 May 2026 09:00:11 +0400 Subject: [PATCH 2/2] use --comfy-api-base value instead of hardcoded api base address --- server.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server.py b/server.py index ddef6b1b4..ec6675cfd 100644 --- a/server.py +++ b/server.py @@ -194,7 +194,7 @@ def create_block_external_middleware(): response = await handler(request) connectSrc = "'self' data:" if args.enable_manager: - connectSrc += " https://api.comfy.org" + connectSrc += " " + args.comfy_api_base response.headers['Content-Security-Policy'] = ( "default-src 'self'; " "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; "