diff options
| author | AUTOMATIC1111 <16777216c@gmail.com> | 2023-08-21 04:38:07 +0000 |
|---|---|---|
| committer | AUTOMATIC1111 <16777216c@gmail.com> | 2023-08-21 04:38:07 +0000 |
| commit | 76ae1019b96c4673231a116f0b20bb85ebec5666 (patch) | |
| tree | 72dbe23b0e02c01a60edd6c28d634ff020bbdf5e | |
| parent | a7f18b22979338e3b3f705708e0319d738f43bf0 (diff) | |
| download | stable-diffusion-webui-gfx803-76ae1019b96c4673231a116f0b20bb85ebec5666.tar.gz stable-diffusion-webui-gfx803-76ae1019b96c4673231a116f0b20bb85ebec5666.tar.bz2 stable-diffusion-webui-gfx803-76ae1019b96c4673231a116f0b20bb85ebec5666.zip | |
add settings for http/https URLs in source images in api
| -rw-r--r-- | modules/api/api.py | 46 | ||||
| -rw-r--r-- | modules/shared_options.py | 6 |
2 files changed, 32 insertions, 20 deletions
diff --git a/modules/api/api.py b/modules/api/api.py index fed83f8f..42fbbe3d 100644 --- a/modules/api/api.py +++ b/modules/api/api.py @@ -57,29 +57,35 @@ def setUpscalers(req: dict): return reqDict -def decode_base64_to_image(encoding): - def verify_url(url): - import socket - from urllib.parse import urlparse - try: - parsed_url = urlparse(url) - domain_name = parsed_url.netloc - host = socket.gethostbyname_ex(domain_name) - for ip in host[2]: - ip_addr = ipaddress.ip_address(ip) - # https://docs.python.org/3/library/ipaddress.html#ipaddress.IPv4Address.is_global - if not ip_addr.is_global: - return False - except Exception: - return False - - return True +def verify_url(url): + """Returns True if the url refers to a global resource.""" + + import socket + from urllib.parse import urlparse + try: + parsed_url = urlparse(url) + domain_name = parsed_url.netloc + host = socket.gethostbyname_ex(domain_name) + for ip in host[2]: + ip_addr = ipaddress.ip_address(ip) + if not ip_addr.is_global: + return False + except Exception: + return False + return True + + +def decode_base64_to_image(encoding): if encoding.startswith("http://") or encoding.startswith("https://"): - if not verify_url(encoding): - raise HTTPException(status_code=500, detail="Invalid image url") + if not opts.api_enable_requests: + raise HTTPException(status_code=500, detail="Requests not allowed") + + if opts.api_forbid_local_requests and not verify_url(encoding): + raise HTTPException(status_code=500, detail="Request to local resource not allowed") - response = requests.get(encoding, timeout=30, headers={'user-agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36'}) + headers = {'user-agent': opts.api_useragent} if opts.api_useragent else {} + response = requests.get(encoding, timeout=30, headers=headers) try: image = Image.open(BytesIO(response.content)) return image diff --git a/modules/shared_options.py b/modules/shared_options.py index 8630d474..5f30e8e9 100644 --- a/modules/shared_options.py +++ b/modules/shared_options.py @@ -111,6 +111,12 @@ options_templates.update(options_section(('system', "System"), { "hide_ldm_prints": OptionInfo(True, "Prevent Stability-AI's ldm/sgm modules from printing noise to console."),
}))
+options_templates.update(options_section(('API', "API"), {
+ "api_enable_requests": OptionInfo(True, "Allow http:// and https:// URLs for input images in API"),
+ "api_forbid_local_requests": OptionInfo(True, "Forbid URLs to local resources"),
+ "api_useragent": OptionInfo("", "User agent for requests"),
+}))
+
options_templates.update(options_section(('training', "Training"), {
"unload_models_when_training": OptionInfo(False, "Move VAE and CLIP to RAM when training if possible. Saves VRAM."),
"pin_memory": OptionInfo(False, "Turn on pin_memory for DataLoader. Makes training slightly faster but can increase memory usage."),
|