Update app.py

app.py

@@ -2,7 +2,7 @@ import gradio as gr
 
 # Problematic URL that triggers the SSRF validation error
 # This is a legitimate Hugging Face URL that should be allowed
-problematic_url = "https://huggingface.co/Norod78/JojosoStyle-flux-lora/resolve/main/samples/1725217578243__000000000_0.jpg"
+problematic_url = "https://cas-bridge-direct.xethub.hf.co/some-file.jpg"
 
 # Sample data with image URLs (similar to loras_state)
 sample_data = [
@@ -13,18 +13,32 @@ sample_data = [
     }
 ]
 
-def dummy_function(text_input, state_data):
+def add_item_function(text_input, state_data):
     """
     This function should be called when button is clicked,
-    but the error occurs before it even executes.
+    but the error occurs before it even executes when gallery is in outputs.
     """
     print("Function was called!")  # This should appear in logs but doesn't
-    return f"Processed: {text_input}", state_data
+    
+    # Add a new item to state
+    new_item = {
+        "title": f"New Item: {text_input}",
+        "image": problematic_url,  # This URL in the return value triggers SSRF
+        "repo": "new/repo"
+    }
+    state_data.append(new_item)
+    
+    # Format data for gallery: list of (image, title) tuples
+    gallery_data = [(item["image"], item["title"]) for item in state_data]
+    
+    # Use gr.update() to match the original code pattern exactly
+    return f"Added: {text_input}", state_data, gr.update(value=gallery_data)
 
 # Create the interface
 with gr.Blocks() as demo:
     gr.Markdown("# Gradio SSRF Bug Reproduction")
     gr.Markdown("Click the button below. You should see an error about hostname validation.")
+    gr.Markdown("The error occurs when the function tries to return data that will update a gallery with HuggingFace URLs.")
     
     # State containing URLs that trigger the issue
     state_var = gr.State(sample_data)
@@ -32,18 +46,25 @@ with gr.Blocks() as demo:
     # Simple text input
     text_input = gr.Textbox(label="Enter some text", value="test")
     
-    # Output
+    # Gallery that will be updated with the problematic URLs
+    gallery = gr.Gallery(
+        label="Gallery",
+        value=[(item["image"], item["title"]) for item in sample_data],
+        columns=3
+    )
+    
+    # Output textbox
     output = gr.Textbox(label="Output")
     
     # Button that triggers the error
-    button = gr.Button("Click me - this will fail")
+    button = gr.Button("Add item - this will fail")
     
-    # This should work fine, but fails with:
-    # ValueError: Hostname cas-bridge-direct.xethub.hf.co failed validation
+    # This fails with: ValueError: Hostname cas-bridge-direct.xethub.hf.co failed validation
+    # The error occurs when Gradio tries to process the gallery update with the HF URLs
     button.click(
-        fn=dummy_function,
+        fn=add_item_function,
         inputs=[text_input, state_var],
-        outputs=[output, state_var]
+        outputs=[output, state_var, gallery]  # Including gallery in outputs triggers the error
     )
 
 if __name__ == "__main__":