comfyanonymous 3ab3516e46 By default only accept requests where origin header matches the host. ...

Browsers are dumb and let any website do requests to localhost this should
prevent this without breaking things. CORS prevents the javascript from
reading the response but they can still write it.

At the moment this is only enabled when the --enable-cors-header argument
is not used.

2024-09-08 18:17:29 -04:00

33 KiB

Raw Blame History

View Raw