diff --git a/server.py b/server.py
index e58a11d8618c7a4f9a4212eec5e3f07b00e198d9..be33f41006211b0fe7af0d52607a233729c5ec47 100644
--- a/server.py
+++ b/server.py
@@ -170,9 +170,9 @@ class PromptServer():
 
                 subfolder = post.get("subfolder", "")
                 full_output_folder = os.path.join(upload_dir, os.path.normpath(subfolder))
-                filepath = os.path.join(full_output_folder, filename)
+                filepath = os.path.abspath(os.path.join(full_output_folder, filename))
 
-                if os.path.commonpath((upload_dir, os.path.abspath(filepath))) != upload_dir:
+                if os.path.commonpath((upload_dir, filepath)) != upload_dir:
                     return web.Response(status=400)
 
                 if not os.path.exists(full_output_folder):