proposal(15): CSP + sandbox hardening #13
Open
christian-byrne wants to merge 1 commit into Comfy-Org:main from
Security audit and hardening for the Electron app:
- Add strict Content Security Policy meta tag (script-src 'self', no unsafe-inline)
- Extract inline <script> block from index.html to renderer/init.js
- Add explicit sandbox: true to both launcher and ComfyUI BrowserWindows
- Validate shell.openExternal URLs (restrict to http/https protocols)
- Validate open-path targets (resolve to absolute paths)
- Add comprehensive security audit proposal with IPC surface analysis, severity ratings, fuse recommendations, and migration roadmap

See .github/proposals/proposal-csp-security.md for full details.

Amp-Thread-ID: https://ampcode.com/threads/T-019c7926-be08-704f-b583-1c5167315271
Closed
Proposal #15: CSP + Sandbox Hardening
Security audit and hardening for the Electron app. This PR includes both a detailed proposal document and a working proof-of-concept implementation.
What This PR Does
- Strict CSP meta tag in `index.html`: `script-src 'self'` (no `'unsafe-inline'`), `default-src 'none'`, restrictive resource origins
- Extracted the inline `<script>` block from `index.html:253-322` to `renderer/init.js`, enabling strict CSP without `'unsafe-inline'`
- `sandbox: true` on both launcher and ComfyUI `BrowserWindow` configs (already default since Electron 20, but now explicit)
- `shell.openExternal` now only allows `http:` and `https:` protocols, preventing `file://`, `smb://`, and custom protocol handler abuse
- `open-path` IPC handler now resolves to absolute paths

Security Audit Findings (see proposal for full details)
- `shell.openExternal`
- `shell.openPath`
- `linkify()` quote escaping gap

Files Changed
- `index.html` — CSP meta tag + inline script → external file reference
- `renderer/init.js` — New — extracted initialization code
- `main.js` — `sandbox: true` on both BrowserWindow configs
- `lib/ipc.js` — URL protocol validation + path resolution
- `.github/proposals/proposal-csp-security.md` — Full security audit with IPC surface analysis, fuse recommendations, and migration roadmap

What's NOT in This PR (future work)
- (`@electron/fuses`) — requires build pipeline integration
- (`http://127.0.0.1:PORT`)
- (`webContents`)

Dependencies
Proposal #1 (electron-vite) is listed as a dependency but this PR actually works standalone — the inline script extraction was done manually without needing a bundler.
Concerns
- `style-src 'unsafe-inline'` is still needed because the codebase uses inline `style` attributes extensively. This is acceptable per Electron security guidelines.
- The `GrantFileProtocolExtraPrivileges` fuse (future) needs testing since the app uses `loadFile()` to load `index.html`.