TBNilles/ComfyUI-Manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security patch: model downloading policy is updated

Browse Source 
doesn't allow model downloading if security level is high and ComfyUI is remotely accessible
This commit is contained in:
Dr.Lt.Data
2024-07-21 11:58:47 +09:00
parent f06afbd423
commit 93bc2ed85f
3 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
glob/manager_server.py
View File

@@ -985,6 +985,14 @@ async def install_model(request):
model_path = get_model_path(json_data)
if not is_allowed_security_level('middle'):
print(f"ERROR: To use this action, a security_level of `middle or below` is required. Please contact the administrator.")
return web.Response(status=403)
if not json_data['name'].endswith('.safetensors') and not is_allowed_security_level('high'):
print(f"ERROR: To use this feature, you must set '--listen' to a local IP and set the security level to 'middle' or 'weak'. Please contact the administrator.")
return web.Response(status=403)
res = False
try: