ComfyUI/utils
Matt Miller c68789b0fb revert(security): drop CVE-2026-56674 Origin: null CSRF change
Per maintainer review, the reported CSRF is already mitigated by the pre-existing
Sec-Fetch-Site: cross-site check for current browsers, and the null-origin
rejection risked breaking legitimate sandboxed-iframe embeds. Restores
origin_only_middleware and is_loopback in server.py to their prior state
(the Sec-Fetch-Site check is retained) and removes utils/origin_check.py and its
regression test. The other four GHSA-779p fixes are unaffected.
2026-07-02 20:17:16 -07:00
..
__init__.py Expand user directory for basepath in extra_models_paths.yaml (#4857) 2024-09-10 00:33:44 -04:00
extra_config.py Normalize extra_model_config.yaml paths to prevent duplicates. (#6885) 2025-02-20 07:09:45 -05:00
install_util.py Update logging level for invalid version format (#13526) 2026-04-22 20:21:43 -04:00
json_util.py [i18n] Add /i18n endpoint to provide all custom node translations (#6558) 2025-01-22 17:15:45 -05:00
mime_types.py fix: register image/svg+xml MIME type for .svg files (#13186) 2026-03-26 22:13:29 -07:00