Comfy-Org/ComfyUI_frontend
1
0
Fork 0
mirror of https://github.com/Comfy-Org/ComfyUI_frontend.git synced 2026-05-21 21:09:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(remote): scope auth header attachment to comfyApi client only

Browse Source 
Only fetch and attach the platform auth header when descriptor.client === 'comfyApi'. The RemoteRequestClient union currently only contains 'comfyApi', but this guard prevents future additions from accidentally leaking platform credentials to external/non-platform routes.
This commit is contained in:
Glary-Bot
2026-05-12 05:09:45 +00:00
parent 531248d387
commit 34dff7e369
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/platform/remote/composables/useRemoteOptions.ts
View File

@@ -30,9 +30,12 @@ async function executeRemoteRequest(
descriptor: RemoteRequestDescriptor,
signal: AbortSignal
): Promise<unknown> {
const authStore = useAuthStore()
const authHeader = await authStore.getAuthHeader()
const headers = authHeader ? { ...authHeader } : undefined
let headers: Record<string, string> | undefined
if (descriptor.client === 'comfyApi') {
const authStore = useAuthStore()
const authHeader = await authStore.getAuthHeader()
headers = authHeader ? { ...authHeader } : undefined
}
const url = resolveUrl(descriptor, getComfyApiBaseUrl())
const response = await axios.get(url, {
params: descriptor.params,