mirror of
https://github.com/comfyanonymous/ComfyUI.git
synced 2026-07-03 21:20:49 +08:00
The API request logger writes request/response details to persistent plaintext files in the temp/api_logs directory. Without masking, the Authorization header (which carries the user's Comfy API bearer token for paid nodes like Grok, Bria, Runway, Gemini, and Rodin) is written verbatim to every log file. These files are never cleaned up, so tokens accumulate on disk indefinitely.

Fix: mask Authorization, X-API-Key, Cookie, Set-Cookie, and Proxy-Authorization headers before writing to log files. Non-sensitive headers pass through unchanged.

9 tests: masking behavior, case-insensitivity, non-mutation of original, and end-to-end verification that the token does not appear in the log file.

Signed-off-by: John Kearney <johndanielkearney@gmail.com>

| | | |
|---|---|---|
| .. | | |
| __init__.py | | |
| _helpers.py | | |
| client.py | | |
| common_exceptions.py | | |
| conversions.py | | |
| download_helpers.py | | |
| request_logger.py | | |
| upload_helpers.py | | |
| validation_utils.py | | |