From 2ea8bbeafd48784c57742ecab6cf67ee8877a920 Mon Sep 17 00:00:00 2001
From: Adam Ladachowski <adam.ladachowski@gmail.com>
Date: Sun, 15 Feb 2026 23:40:40 +0100
Subject: [PATCH] Allow entire assets/ path without auth for ComfyUI proxy

Simpler approach - just allow all requests to assets/ directory.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 tensors/server/comfyui_routes.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/tensors/server/comfyui_routes.py b/tensors/server/comfyui_routes.py
index 11db560..63df792 100644
--- a/tensors/server/comfyui_routes.py
+++ b/tensors/server/comfyui_routes.py
@@ -253,8 +253,7 @@ def _check_auth(comfy_session: str | None, path: str = "", method: str = "GET")
         return
 
     # Allow static assets without auth (modulepreload doesn't send cookies)
-    static_extensions = {".js", ".css", ".woff", ".woff2", ".ttf", ".png", ".jpg", ".jpeg", ".gif", ".svg", ".ico", ".json"}
-    if any(path.lower().endswith(ext) for ext in static_extensions):
+    if path.startswith("assets/"):
         return
 
     if not _verify_session_token(comfy_session):