Address adversarial-review findings on FE-745 metadata propagation:
- send_sync previously spread active_prompt_metadata onto every dict
payload, contaminating unrelated status/queue broadcasts with the
running prompt's workflow_id. Change the slot to (prompt_id, metadata)
and only inject when payload.prompt_id matches the active prompt_id.
Same condition applied to the WS reconnect catch-up frame.
- post_prompt now validates extra_data.metadata at the submission
boundary: flat dict[str,str], max 16 keys, 64-char keys, 256-char
values, and reserved server-side keys (prompt_id, node, output, etc.)
are rejected with 400. Removes the broadcast-amplification vector
where a client could submit arbitrarily large metadata and force it
onto every WS frame.
- Extract validate_client_metadata + caps into app/prompt_metadata.py so
tests can import without pulling server.py's import-time side effects.
- Expand tests-unit/server_test/test_prompt_metadata.py from 12 to 47:
add TestStatusBroadcastsAreNotContaminated for prompt_id-scoping and
TestValidateClientMetadata for the new submission-boundary checks
(including parametrized reserved-key rejection).
server.py builds an opaque dict at submission time from extra_data and pins
it on PromptServer.active_prompt_metadata while main.py's worker drives the
prompt. send_sync spreads the dict's key/value pairs onto outgoing payloads
so frames carry whatever tags the submission attached (today: workflow_id).
The mechanism is intentionally untyped — the transport layer doesn't know
what workflow_id means or treat any key specially. Adding a new propagated
field requires only a one-line addition in post_prompt; execution.py and
comfy_execution/progress.py are not touched.
execution.py changes: 0 lines.
After a frontend update (e.g. nightly build), browsers could load
outdated cached index.html and JS/CSS chunks, causing dynamically
imported modules to fail with MIME type errors and vite:preloadError.
Hard refresh (Ctrl+Shift+R) was insufficient to fix the issue because
Cache-Control: no-cache still allows the browser to cache and
revalidate via ETags. aiohttp's FileResponse auto-generates ETags
based on file mtime+size, which may not change after pip reinstall,
so the browser gets 304 Not Modified and serves stale content.
Clearing ALL site data in DevTools did fix it, confirming the HTTP
cache was the root cause.
The fix changes:
- index.html: no-cache -> no-store, must-revalidate
- JS/CSS/JSON entry points: no-cache -> no-store
no-store instructs browsers to never cache these responses, ensuring
every page load fetches the current index.html with correct chunk
references. This is a small tradeoff (~5KB re-download per page load)
for guaranteed correctness after updates.
