We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
在 sd-webui 中使用 --gradio-auth 参数登录账户与密码后,被 hook 的一些 web 请求没有进行鉴权,导致可以直接访问本地文件。
--gradio-auth
已加密图片:
未加密图片:
可以看到,已加密图片在登录前没有cookie便可访问。
The text was updated successfully, but these errors were encountered:
No branches or pull requests
问题描述
在 sd-webui 中使用
--gradio-auth参数登录账户与密码后,被 hook 的一些 web 请求没有进行鉴权,导致可以直接访问本地文件。复现步骤
--gradio-auth参数设置 API 密码。实际行为
使用插件未登录访问
已加密图片:
未加密图片:
使用插件已登录访问
已加密图片:
未加密图片:
可以看到,已加密图片在登录前没有cookie便可访问。
The text was updated successfully, but these errors were encountered: