feat(deeplink): open comfy:// links to cloud.comfy.org in the app#1073
Draft
deepme987 wants to merge 3 commits into
Draft
feat(deeplink): open comfy:// links to cloud.comfy.org in the app#1073deepme987 wants to merge 3 commits into
deepme987 wants to merge 3 commits into
Conversation
Register the comfy:// URL scheme and route comfy://open?path=/... (or ?url=https://cloud.comfy.org/...) to the Comfy Cloud host window. Links are received cross-platform (macOS open-url incl. cold-start buffering; Windows/Linux via argv on launch + second-instance). The raw URL is untrusted: resolveDeepLink allowlists the resolved origin to cloud.comfy.org and returns null for any other scheme/origin, including protocol-relative and backslash tricks. OS-level scheme registration needs a packaged/ToDesktop build to verify end to end; the parse + allowlist is unit-tested.
Collaborator
Author
Companion PRs
This PR handles the scheme + routing; #12808 is the web side that produces the links. Contract: |
|
|
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
✨ Simplify code
Comment |
- add root-level protocols block so electron-builder declares the scheme on every OS: macOS CFBundleURLTypes, Windows NSIS registry, Linux .desktop MimeType - without it setAsDefaultProtocolClient is a no-op for packaged macOS, so the OS never routes comfy:// links to the app
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
PR A of 2 for "open cloud.comfy.org links in Desktop" (companion: a cloud-web banner in ComfyUI_frontend that fires the link).
What
Registers the
comfy://URL scheme and opens deep links into the Comfy Cloud host window:comfy://open?path=/workflows/123→ loadshttps://cloud.comfy.org/workflows/123(focus if running, launch if not). Also accepts?url=<encoded cloud url>.How
app.setAsDefaultProtocolClient('comfy')+mac.extendInfo.CFBundleURLTypesintodesktop.json.open-url(buffers a link that arrives beforewhenReady); Windows/Linux fromprocess.argvat cold start and from the existingsecond-instancehandler.src/main/lib/deepLink.ts→resolveDeepLink(raw): string | null.Security
The raw OS string is untrusted.
resolveDeepLinkaccepts only thecomfy:scheme and allowlists the resolved origin tohttps://cloud.comfy.org— rejecting other schemes/origins, smuggled absolute URLs, protocol-relative//evil.com, and backslash tricks, with a final origin re-validation. It never returns a non-cloud URL. Fully unit-tested (22 cases).Verify
typecheck + lint clean;
deepLink.test.ts22/22; full unit suite 2151/2151. Note: OS-level scheme registration can only be confirmed on a packaged/ToDesktop build (open "comfy://open?path=/x"); the parsing/routing/allowlist is what's unit-tested here.