
Fix some issue with insecure browsers. #13261

Merged
comfyanonymous merged 1 commit into master from comfyanonymous-patch-2
Apr 2, 2026


@comfyanonymous
Member

If you are on a recent Chromium or Chrome-based browser, this doesn't affect you.

This is to give time for the lazy Firefox devs to implement PNA.

@coderabbitai

coderabbitai Bot commented Apr 2, 2026

No actionable comments were generated in the recent review. 🎉


📥 Commits

Reviewing files that changed from the base of the PR and between 0c63b4f and 611a109.

📒 Files selected for processing (1)
  • server.py

📝 Walkthrough


The change adds an early security check in the origin-only middleware function. When a request includes a Sec-Fetch-Site header with the value cross-site, the middleware now immediately returns an HTTP 403 response. This header-based validation occurs before the existing origin and host matching logic, providing an additional rejection pathway compared to the previous implementation.

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |
| Title check | ❓ Inconclusive | The title is vague and uses non-descriptive terms like 'some issue' that don't convey meaningful information about what the change actually does. | Clarify the title to specifically mention the Sec-Fetch-Site header check or the security mechanism being implemented. |

✅ Passed checks (1 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description check | ✅ Passed | The description relates to the changeset by referencing browser compatibility and PNA implementation, which connects to the security-related changes in the PR. |

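A sketch of the decision order the walkthrough describes, as an added example (not ComfyUI's `server.py`): the `Sec-Fetch-Site: cross-site` rejection runs first, then an Origin/Host hostname comparison that is an assumed stand-in for the existing logic. The function names, status constants, port and sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit

FORBIDDEN, PASS = 403, 200


def _hostname(value):
    """Hostname of a Host header or Origin URL, lower-cased, port dropped."""
    if "//" not in value:
        value = "//" + value  # lets urlsplit parse a bare "host:port"
    try:
        return (urlsplit(value).hostname or "").lower()
    except ValueError:  # e.g. unbalanced IPv6 brackets
        return ""


def origin_only_decision(headers):
    """Return 403 to reject, 200 to pass the request to the next handler.

    `headers` maps lower-cased header names to values.
    """
    # Early check from the walkthrough: a browser that sends Fetch Metadata
    # labels the request itself, so cross-site is rejected outright.
    if headers.get("sec-fetch-site") == "cross-site":
        return FORBIDDEN
    # Assumed stand-in for the existing logic: when both headers are
    # present, the Origin hostname must equal the Host hostname.
    origin, host = headers.get("origin"), headers.get("host")
    if origin and host:
        o, h = _hostname(origin), _hostname(host)
        if not o or o != h:
            return FORBIDDEN
    return PASS


# Constructed sample requests (header sets are illustrative, not captured).
HOST = "127.0.0.1:8188"
SAMPLES = {
    "same-origin fetch": {"host": HOST, "origin": "http://127.0.0.1:8188",
                          "sec-fetch-site": "same-origin"},
    "cross-site POST": {"host": HOST, "origin": "https://example.test",
                        "sec-fetch-site": "cross-site"},
    # A plain cross-site GET carries no Origin, so only the early check sees it.
    "cross-site GET, no Origin": {"host": HOST, "sec-fetch-site": "cross-site"},
    "no Fetch Metadata, foreign Origin": {"host": HOST,
                                          "origin": "https://example.test"},
    "non-browser client": {"host": HOST},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{origin_only_decision(hdrs)}  {name}")
```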

comfyanonymous merged commit 76b75f3 into master Apr 2, 2026
16 checks passed
comfyanonymous deleted the comfyanonymous-patch-2 branch April 2, 2026 20:39