Skip to content

Remove tokens from history items #8889

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 13, 2025
Merged

Remove tokens from history items #8889

merged 1 commit into from
Jul 13, 2025

Conversation

christian-byrne
Copy link
Collaborator

Remove auth_token_comfy_org and api_key_comfy_org from extra_data before storing prompt history, in case history items are ever persisted to disk in the future and to protect users with open network.

@christian-byrne
Remove auth tokens from history storage
94a2835 
Remove auth_token_comfy_org and api_key_comfy_org from extra_data before
storing prompt history to prevent sensitive authentication tokens from
being persisted in the history endpoint response.
@christian-byrne
Copy link
Collaborator Author

Test Process:

  1. Ran api node workflow with firebase login
  2. Ran api node workflow with API key login
  3. Refreshed page and ensured login persisted
  4. Switch between stability AI and bfl api nodes and ensured still worked
  5. For all of the above, checked history response objects and ensured fields were correctly removed
remove-auth-token-from-history.mp4

@comfyanonymous comfyanonymous merged commit 480375f into comfyanonymous:master Jul 13, 2025
6 checks passed
rakki194 pushed a commit to rakki194/ComfyUI that referenced this pull request Jul 21, 2025
@christian-byrne @rakki194
Remove auth tokens from history storage (comfyanonymous#8889)
cdc9b74 
Remove auth_token_comfy_org and api_key_comfy_org from extra_data before
storing prompt history to prevent sensitive authentication tokens from
being persisted in the history endpoint response.
Vander-Bilt pushed a commit to Vander-Bilt/ComfyUI that referenced this pull request Aug 26, 2025
@christian-byrne
Remove auth tokens from history storage (comfyanonymous#8889)
365eb26 
Remove auth_token_comfy_org and api_key_comfy_org from extra_data before
storing prompt history to prevent sensitive authentication tokens from
being persisted in the history endpoint response.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@comfyanonymous comfyanonymous Awaiting requested review from comfyanonymous comfyanonymous is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@christian-byrne @comfyanonymous