wangbo/ComfyUI
1
0
Fork 0
mirror of https://github.com/comfyanonymous/ComfyUI.git synced 2026-05-30 19:07:25 +08:00
Code Issues Actions 14 Packages Projects Releases Wiki Activity
jaewon/fe-745-implement-refactor-workflow_id-propagation-to-use-metadata
ComfyUI/app
History
dante01yoon db9c8cc2fd
Some checks failed
Python Linting / Run Ruff (push) Has been cancelled
Details
Python Linting / Run Pylint (push) Has been cancelled
Details
fix(server): scope prompt metadata to active prompt_id and validate at submission 
Address adversarial-review findings on FE-745 metadata propagation:

- send_sync previously spread active_prompt_metadata onto every dict
  payload, contaminating unrelated status/queue broadcasts with the
  running prompt's workflow_id. Change the slot to (prompt_id, metadata)
  and only inject when payload.prompt_id matches the active prompt_id.
  Same condition applied to the WS reconnect catch-up frame.

- post_prompt now validates extra_data.metadata at the submission
  boundary: flat dict[str,str], max 16 keys, 64-char keys, 256-char
  values, and reserved server-side keys (prompt_id, node, output, etc.)
  are rejected with 400. Removes the broadcast-amplification vector
  where a client could submit arbitrarily large metadata and force it
  onto every WS frame.

- Extract validate_client_metadata + caps into app/prompt_metadata.py so
  tests can import without pulling server.py's import-time side effects.

- Expand tests-unit/server_test/test_prompt_metadata.py from 12 to 47:
  add TestStatusBroadcastsAreNotContaminated for prompt_id-scoping and
  TestValidateClientMetadata for the new submission-boundary checks
  (including parametrized reserved-key rejection).
2026-05-20 19:01:38 +09:00
..
assets fix(assets): recognize temp directory in asset category resolution (#13159) 2026-03-25 19:59:59 -07:00
database feat(assets): align local API with cloud spec (#12863) 2026-03-16 12:34:04 -07:00
__init__.py Add FrontendManager to manage non-default front-end impl (#3897) 2024-07-16 11:26:11 -04:00
app_settings.py Update frontend to v1.25.10 and revert navigation mode override (#9522) 2025-08-23 17:54:01 -04:00
custom_node_manager.py This should not be a warning. (#7946) 2025-05-05 07:49:07 -04:00
frontend_management.py Generalize frontend version warning to all comfy* requirements.txt entries (#13875) 2026-05-14 16:13:30 -07:00
logger.py Repeat frontend version warning at the end. 2025-03-12 07:13:40 -04:00
model_manager.py New Year ruff cleanup. (#11595) 2026-01-01 22:06:14 -05:00
node_replace_manager.py fix: make NodeReplaceManager.register() idempotent (#13596) 2026-05-07 19:21:12 -07:00
prompt_metadata.py fix(server): scope prompt metadata to active prompt_id and validate at submission 2026-05-20 19:01:38 +09:00
subgraph_manager.py fix: specify UTF-8 encoding when reading subgraph files (#12563) 2026-02-21 15:05:00 -08:00
user_manager.py fix: return millisecond timestamps from get_file_info() (#12996) 2026-05-06 10:56:09 +08:00