From 8d7910cee93e28ec4f222775d86c0a328479630e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=83=B5=E5=B0=B8=E6=B5=A9?= <348063288@qq.com>
Date: Sun, 25 Feb 2024 20:43:26 +0800
Subject: [PATCH] disable follow_symlinks in static serving for security reason
 (#2902)

---
 server.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server.py b/server.py
index dca06f6f..c6132cdf 100644
--- a/server.py
+++ b/server.py
@@ -539,11 +539,11 @@ class PromptServer():
 
         for name, dir in nodes.EXTENSION_WEB_DIRS.items():
             self.app.add_routes([
-                web.static('/extensions/' + urllib.parse.quote(name), dir, follow_symlinks=True),
+                web.static('/extensions/' + urllib.parse.quote(name), dir),
             ])
 
         self.app.add_routes([
-            web.static('/', self.web_root, follow_symlinks=True),
+            web.static('/', self.web_root),
         ])
 
     def get_queue_info(self):
-- 
GitLab