Spaces:
Sleeping
Sleeping
| import gradio as gr | |
| # Problematic URL that triggers the SSRF validation error | |
| # This is a legitimate Hugging Face URL that should be allowed | |
| problematic_url = "https://huggingface.co/Norod78/JojosoStyle-flux-lora/resolve/main/samples/1725217578243__000000000_0.jpg" | |
| # Sample data with image URLs (similar to loras_state) | |
| sample_data = [ | |
| { | |
| "title": "Sample LoRA", | |
| "image": problematic_url, # This URL causes the issue | |
| "repo": "some/repo" | |
| } | |
| ] | |
| def dummy_function(text_input, state_data): | |
| """ | |
| This function should be called when button is clicked, | |
| but the error occurs before it even executes. | |
| """ | |
| print("Function was called!") # This should appear in logs but doesn't | |
| return f"Processed: {text_input}", state_data | |
| # Create the interface | |
| with gr.Blocks() as demo: | |
| gr.Markdown("# Gradio SSRF Bug Reproduction") | |
| gr.Markdown("Click the button below. You should see an error about hostname validation.") | |
| # State containing URLs that trigger the issue | |
| state_var = gr.State(sample_data) | |
| # Simple text input | |
| text_input = gr.Textbox(label="Enter some text", value="test") | |
| # Output | |
| output = gr.Textbox(label="Output") | |
| # Button that triggers the error | |
| button = gr.Button("Click me - this will fail") | |
| # This should work fine, but fails with: | |
| # ValueError: Hostname cas-bridge-direct.xethub.hf.co failed validation | |
| button.click( | |
| fn=dummy_function, | |
| inputs=[text_input, state_var], | |
| outputs=[output, state_var] | |
| ) | |
| if __name__ == "__main__": | |
| demo.launch() |