Comfy-Org/ComfyUI_frontend
1
0
Fork 0
mirror of https://github.com/Comfy-Org/ComfyUI_frontend.git synced 2026-04-25 00:39:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge main (as of 10-06-2025) into rh-test (#5965)

Browse Source 
## Summary

Merges latest changes from `main` as of 10-06-2025.

┆Issue is synchronized with this [Notion
page](https://www.notion.so/PR-5965-Merge-main-as-of-10-06-2025-into-rh-test-2856d73d3650812cb95fd8917278a770)
by [Unito](https://www.unito.io)

---------

Signed-off-by: Marcel Petrick <mail@marcelpetrick.it>
Co-authored-by: filtered <176114999+webfiltered@users.noreply.github.com>
Co-authored-by: Christian Byrne <cbyrne@comfy.org>
Co-authored-by: github-actions <github-actions@github.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Alexander Brown <drjkl@comfy.org>
Co-authored-by: Benjamin Lu <benceruleanlu@proton.me>
Co-authored-by: Terry Jia <terryjia88@gmail.com>
Co-authored-by: snomiao <snomiao@gmail.com>
Co-authored-by: Simula_r <18093452+simula-r@users.noreply.github.com>
Co-authored-by: Jake Schroeder <jake.schroeder@isophex.com>
Co-authored-by: Comfy Org PR Bot <snomiao+comfy-pr@gmail.com>
Co-authored-by: AustinMroz <4284322+AustinMroz@users.noreply.github.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: Johnpaul Chiwetelu <49923152+Myestery@users.noreply.github.com>
Co-authored-by: Marcel Petrick <mail@marcelpetrick.it>
Co-authored-by: Alexander Brown <DrJKL0424@gmail.com>
Co-authored-by: Benjamin Lu <benjaminlu1107@gmail.com>
Co-authored-by: Alexander Piskun <13381981+bigcat88@users.noreply.github.com>
Co-authored-by: Rizumu Ayaka <rizumu@ayaka.moe>
Co-authored-by: JakeSchroeder <jake@axiom.co>
Co-authored-by: AustinMroz <austin@comfy.org>
Co-authored-by: DrJKL <DrJKL@users.noreply.github.com>
Co-authored-by: ComfyUI Wiki <contact@comfyui-wiki.com>
This commit is contained in:
Arjan Singh
2025-10-08 19:06:40 -07:00
committed by GitHub
parent 529a4de583
commit 5869b04e57
454 changed files with 32333 additions and 37002 deletions
Download Patch File Download Diff File Expand all files Collapse all files

145
tests-ui/tests/utils/hostWhitelist.test.ts Normal file
View File

@@ -0,0 +1,145 @@
import { describe, expect, it } from 'vitest'
import { isHostWhitelisted, normalizeHost } from '@/utils/hostWhitelist'
describe('hostWhitelist utils', () => {
describe('normalizeHost', () => {
it.each([
['LOCALHOST', 'localhost'],
['localhost.', 'localhost'], // trims trailing dot
['localhost:5173', 'localhost'], // strips :port
['127.0.0.1:5173', '127.0.0.1'], // strips :port
['[::1]:5173', '::1'], // strips brackets + :port
['[::1]', '::1'], // strips brackets
['::1', '::1'], // leaves plain IPv6
[' [::1] ', '::1'], // trims whitespace
['APP.LOCALHOST', 'app.localhost'], // lowercases
['example.com.', 'example.com'], // trims trailing dot
['[2001:db8::1]:8443', '2001:db8::1'], // IPv6 with brackets+port
['2001:db8::1', '2001:db8::1'] // plain IPv6 stays
])('normalizeHost(%o) -> %o', (input, expected) => {
expect(normalizeHost(input)).toBe(expected)
})
it('does not strip non-numeric suffixes (not a port pattern)', () => {
expect(normalizeHost('example.com:abc')).toBe('example.com:abc')
expect(normalizeHost('127.0.0.1:abc')).toBe('127.0.0.1:abc')
})
})
describe('isHostWhitelisted', () => {
describe('localhost label', () => {
it.each([
'localhost',
'LOCALHOST',
'localhost.',
'localhost:5173',
'foo.localhost',
'Foo.Localhost',
'sub.foo.localhost',
'foo.localhost:5173'
])('should allow %o', (input) => {
expect(isHostWhitelisted(input)).toBe(true)
})
it.each([
'localhost.com',
'evil-localhost',
'notlocalhost',
'foo.localhost.evil'
])('should NOT allow %o', (input) => {
expect(isHostWhitelisted(input)).toBe(false)
})
})
describe('IPv4 127/8 loopback', () => {
it.each([
'127.0.0.1',
'127.1.2.3',
'127.255.255.255',
'127.0.0.1:3000',
'127.000.000.001', // leading zeros are still digits 0-255
'127.0.0.1.' // trailing dot should be tolerated
])('should allow %o', (input) => {
expect(isHostWhitelisted(input)).toBe(true)
})
it.each([
'126.0.0.1',
'127.256.0.1',
'127.-1.0.1',
'127.0.0.1:abc',
'128.0.0.1',
'192.168.1.10',
'10.0.0.2',
'0.0.0.0',
'255.255.255.255',
'127.0.0', // malformed
'127.0.0.1.5' // malformed
])('should NOT allow %o', (input) => {
expect(isHostWhitelisted(input)).toBe(false)
})
})
describe('IPv6 loopback ::1 (all textual forms)', () => {
it.each([
'::1',
'[::1]',
'[::1]:5173',
'::0001',
'0:0:0:0:0:0:0:1',
'0000:0000:0000:0000:0000:0000:0000:0001',
// Compressed equivalents of ::1 (with zeros compressed)
'0:0::1',
'0:0:0:0:0:0::1',
'::0:1' // compressing the initial zeros (still ::1 when expanded)
])('should allow %o', (input) => {
expect(isHostWhitelisted(input)).toBe(true)
})
it.each([
'::2',
'::',
'::0',
'0:0:0:0:0:0:0:2',
'fe80::1', // link-local, not loopback
'2001:db8::1',
'::1:5173', // bracketless "port-like" suffix must not pass
':::1', // invalid (triple colon)
'0:0:0:0:0:0:::1', // invalid compression
'[::1%25lo0]',
'[::1%25lo0]:5173',
'::1%25lo0'
])('should NOT allow %o', (input) => {
expect(isHostWhitelisted(input)).toBe(false)
})
it('should reject empty/whitespace-only input', () => {
expect(isHostWhitelisted('')).toBe(false)
expect(isHostWhitelisted(' ')).toBe(false)
})
})
describe('comfy.org hosts', () => {
it.each([
'staging.comfy.org',
'stagingcloud.comfy.org',
'pr-123.testingcloud.comfy.org',
'api.v2.staging.comfy.org'
])('should allow %o', (input) => {
expect(isHostWhitelisted(input)).toBe(true)
})
it.each([
'comfy.org.evil.com',
'evil-comfy.org',
'comfy.organization',
'notcomfy.org',
'comfy.org.hacker.net',
'mycomfy.org.example.com'
])('should NOT allow %o', (input) => {
expect(isHostWhitelisted(input)).toBe(false)
})
})
})
})