Hugging Face's logo

Spaces:
abidlabs
/
gradio-ssrf-xethub-issue
Sleeping

App Files Community
gradio-ssrf-xethub-issue
File size: 960 Bytes 
497ac8a
 
51a4505
 
497ac8a
898e68e
51a4505
497ac8a
 
 
51a4505
 
 
497ac8a
 
51a4505
 
497ac8a
51a4505
 
497ac8a
51a4505
 
 
 
 
497ac8a
 
51a4505
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
import gradio as gr

# State with HuggingFace URL that redirects to cas-bridge-direct.xethub.hf.co
data_with_hf_url = [
    {
        "image": "https://huggingface.co/Norod78/Flux_1_Dev_LoRA_Paper-Cutout-Style/resolve/main/08a19840b6214b76b0607b2f9d5a7e28_63159b9d98124c008efb1d36446a615c.png",
        "title": "Test"
    }
]

def test_function(state_data):
    print("This function will never be called due to SSRF validation error")
    return gr.update()

with gr.Blocks() as demo:
    # Initialize state with problematic HuggingFace URL
    state_with_urls = gr.State(data_with_hf_url)
    
    button = gr.Button("Click me to trigger SSRF error")
    output = gr.Textbox()
    
    # This will fail with: ValueError: Hostname cas-bridge-direct.xethub.hf.co failed validation
    button.click(
        test_function,
        inputs=[state_with_urls],  # Passing state with HF URLs causes SSRF validation error
        outputs=[output]
    )

demo.launch()