fix: V-001 security vulnerability

Automated security fix generated by Orbis Security AI
orbisai0security 2026-04-29 05:56:01 +00:00
parent fce0398470
commit ea86d843de


@ -72,7 +72,13 @@ class InternalRoutes:
def get_app(self): def get_app(self):
if self._app is None: if self._app is None:
self._app = web.Application() self._app = web.Application(middlewares=[self._local_only_middleware])
self.setup_routes() self.setup_routes()
self._app.add_routes(self.routes) self._app.add_routes(self.routes)
return self._app return self._app
@web.middleware
async def _local_only_middleware(self, request, handler):
if request.remote not in ('127.0.0.1', '::1'):
raise web.HTTPForbidden(reason="Internal endpoints are only accessible from localhost")
return await handler(request)
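Review bot: The loopback test in `_local_only_middleware` compares `request.remote`, the transport peer, as a string against two literals, so if the app is served through a reverse proxy on the same host, every proxied request arrives as 127.0.0.1 and passes the check. The same comparison rejects a local client reported as `::ffff:127.0.0.1` on a dual-stack listener, and it relies on the tuple test to handle `request.remote` being None. Parsing the peer with the standard `ipaddress` module (which needs a file-level import) and testing `is_loopback` after unwrapping the IPv4-mapped form covers the last two cases. The proxy case needs either a documented "do not expose through a local proxy" constraint or a separate check, and the method should get a docstring saying it trusts the socket peer only. The check also does not cover requests that a browser on the same machine is induced to send, so validating the Host/Origin header may be worth adding if that is in scope.

```python
    @web.middleware
    async def _local_only_middleware(self, request, handler):
        """Reject requests whose transport peer is not a loopback address."""
        try:
            peer = ipaddress.ip_address(request.remote or "")
        except ValueError:
            peer = None
        # Dual-stack listeners can report IPv4 clients as ::ffff:a.b.c.d.
        if peer is not None and peer.version == 6 and peer.ipv4_mapped is not None:
            peer = peer.ipv4_mapped
        if peer is None or not peer.is_loopback:
            raise web.HTTPForbidden(reason="Internal endpoints are only accessible from localhost")
        return await handler(request)
```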