ComfyUI/tests-unit/security_test
Matt Miller c68789b0fb revert(security): drop CVE-2026-56674 Origin: null CSRF change
Per maintainer review, the reported CSRF is already mitigated by the pre-existing
Sec-Fetch-Site: cross-site check for current browsers, and the null-origin
rejection risked breaking legitimate sandboxed-iframe embeds. Restores
origin_only_middleware and is_loopback in server.py to their prior state
(the Sec-Fetch-Site check is retained) and removes utils/origin_check.py and its
regression test. The other four GHSA-779p fixes are unaffected.
2026-07-02 20:17:16 -07:00
__init__.py security: fix five vulnerabilities (GHSA-779p-m5rp-r4h4) 2026-07-02 19:10:30 -07:00
test_ghsa_779p_02_preview_traversal.py security: fix five vulnerabilities (GHSA-779p-m5rp-r4h4) 2026-07-02 19:10:30 -07:00
test_ghsa_779p_03_annotated_traversal.py security: address CodeRabbit review feedback on GHSA-779p tests 2026-07-02 20:13:36 -07:00
test_ghsa_779p_04_userdata_xss.py security: fix five vulnerabilities (GHSA-779p-m5rp-r4h4) 2026-07-02 19:10:30 -07:00
test_ghsa_779p_05_dangerous_content_types.py security: address CodeRabbit review feedback on GHSA-779p tests 2026-07-02 20:13:36 -07:00