disable follow_symlinks in static serving for security reason (#2902)

This commit is contained in:
僵尸浩 2024-02-25 20:43:26 +08:00 committed by GitHub
parent 4a7e751ce6
commit 8d7910cee9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 2 deletions

View File

@ -539,11 +539,11 @@ class PromptServer():
for name, dir in nodes.EXTENSION_WEB_DIRS.items(): for name, dir in nodes.EXTENSION_WEB_DIRS.items():
self.app.add_routes([ self.app.add_routes([
web.static('/extensions/' + urllib.parse.quote(name), dir, follow_symlinks=True), web.static('/extensions/' + urllib.parse.quote(name), dir),
]) ])
self.app.add_routes([ self.app.add_routes([
web.static('/', self.web_root, follow_symlinks=True), web.static('/', self.web_root),
]) ])
def get_queue_info(self): def get_queue_info(self):