ComfyUI/utils
Matt Miller e4eb7f2698 security: address review feedback on GHSA-779p fixes
- Fix Windows CI failure in test_get_annotated_filepath: compare against
  os.path.abspath(...) to match the intentional abspath normalization added
  by the traversal hardening (abspath prepends the drive letter on Windows).
- origin_check: narrow the bare `except:` in is_loopback() to ValueError so
  genuine interrupts aren't swallowed (review nit).
- origin_check: guard .port access in is_cross_origin_forbidden() so a
  malformed/out-of-range port (e.g. Origin: http://127.0.0.1:99999) fails
  closed with a 403 instead of surfacing an uncaught 500 in the middleware.
- server /view: escape backslash/quote in the Content-Disposition filename
  (RFC 6266 quoted-string) so a filename containing a double quote can't
  malform the response header.
2026-07-02 19:58:06 -07:00
..
__init__.py Expand user directory for basepath in extra_models_paths.yaml (#4857) 2024-09-10 00:33:44 -04:00
extra_config.py Normalize extra_model_config.yaml paths to prevent duplicates. (#6885) 2025-02-20 07:09:45 -05:00
install_util.py Update logging level for invalid version format (#13526) 2026-04-22 20:21:43 -04:00
json_util.py [i18n] Add /i18n endpoint to provide all custom node translations (#6558) 2025-01-22 17:15:45 -05:00
mime_types.py fix: register image/svg+xml MIME type for .svg files (#13186) 2026-03-26 22:13:29 -07:00
origin_check.py security: address review feedback on GHSA-779p fixes 2026-07-02 19:58:06 -07:00