[Bug]: Extension will not update if using --listen

[Remowylliams]

Is there an existing issue for this?

• [X] I have searched the existing issues and checked the recent builds/commits

What happened?

This morning After git pull, Extensions update function fails if --listen is given as command line option. This limits useful remote updating of extensions resulting in 'Error' displayed on Extensions page when you click Check for Updates.

I can see why you might not want to use this with --shared but --local is important for people accessing their SD on another machine locally and requires them to shutdown, turn off the --listen command line option and restore it after checking for update.

Steps to reproduce the problem

with --listen cmd line option enabled

1. Go to .... Extensions
2. Press .... checkmark an extension and press Check for Update
3. ... Watch the Error notice appear

What should have happened?

Should have checked for an update and given 'Latest' update status.

Commit where the problem happens

bb21a4cb35986d95ec63ace48ce13b75a776f5a5

What platforms do you use to access UI ?

Windows, Linux

What browsers do you use to access the UI ?

Mozilla Firefox, Brave

Command Line Arguments

--listen

Additional information, context and logs

This is generated by check_access() function in the modules/shared.py

line 102: cmd_opts.disable_extension_access = cmd_opts.share or cmd_opts.listen

change line 102: cmd_opts.disable_extension_access = cmd_opts.share

This should disallow remote updating of extensions if the --shared option is used, which seems reasonable. Otherwise people can not even locally update their extensions without shutdown / edit / restart

I understand the caution wanting to be used here, but it will impact people using docker and SD remotely on their own LAN if cmd_opts.listen is enabled. in the check.

[dhwz]

I think this PR will fix it if it is accepted by @AUTOMATIC1111 https://github.com/AUTOMATIC1111/stable-diffusion-webui/pull/4089

[DenkingOfficial]

It's not a bug, it is codded to not allow you update or install extensions while using --listen or --share flags because of the security. If your webui is shared to global network anyone can install any code that they want and execute it. So if my PR https://github.com/AUTOMATIC1111/stable-diffusion-webui/pull/4089 will be merged you should be careful using --global-extensions-access flag

UPD: Sorry, I was inattentive while reading your issue, you already know why it's disabled

[0xdevalias]

I can't remember where I read it now, but i'm pretty sure there is another command line argument that can be passed to bypass this security check (only advisable if you know what you're doing and why)

Edit: Here:

• https://github.com/AUTOMATIC1111/stable-diffusion-webui/pull/4089#issuecomment-1303075428
  • https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/ccf1a15412ef6b518f9f54cc26a0ee5edf458108
    • --enable-insecure-extension-access

Originally posted by @0xdevalias in https://github.com/AUTOMATIC1111/stable-diffusion-webui/issues/4215#issuecomment-1304746430

[y0himba]

I think a decent solution would be to auto-disable --listen, proceed with extension updates or installs, then ask the user if they would like to re-enable --listen.

Or separate .bat files. I use --api --listen for the excellent Krita plugin

[natemac]

Have this same issue when using --share

[y0himba]

I created a separate bat for --api and --listen

[mezotaken]

--enable-insecure-extension-access

[akshay6893]

When you put --listen the process is launched on 0.0.0.0 which means any one can access it and it listens to all. But without --listen process is launched on 127.0.0.1 and is only available to localhost (server's localhost). So what I do is, I establish a connection between the server 7860 port and my local 7860 port, so that what ever happens on that port in the server gets sent to me on my local through that connection. That connection is called tunneling.

1. ssh into your server - ssh -L 127.0.0.1:7860:127.0.0.1:7860 username@serverip
2. now open 127.0.0.1:7860: on your local.

[flstahl]

I know this has been closed but I would like to ask a follow-up question and ask for help. I experience the following:

I am using VSCode on a Windows machine. In VSCode, I ssh into a remote host (AWS EC2) which runs Ubuntu. If I download and set-up the SD WebUI there, everything works fine.

Now I run a docker container which exposes port 7860 on that remote host (AWS EC2) by docker run -it -p 7861:7860 (I map my remote host port 7861 to the docker port 7860) and download and set-up SD WebUI inside the docker. The UI comes up and I can access it on my local Windows machine. The way I understand this, there is a "double port-forwarding" (first from my docker to the remote host and then from there to my local machine) but I am not an expert on this networking side of it. I can use SD WebUI but I cannot install extensions. I get the assertion error. This is with using --listen and/or --share

AssertionError: extension access disabed because of commandline flags

However when I use --share and access the WebUI through the public link, I can bypass this assertion error and successfully install extensions when I manually set cmd_opts.disable_extension_access = 0. This manual hard coded change lets me use the extensions tab through the public link but I still get the Assertion Error when using the 127.0.0.1 link.

Can anyone help me out here?

I suspect this has something to do with how docker exposes/forwards the port...

[akshay6893]

docker run -it -p 7861:7860 - this will launch on public network 0.0.0.0:7861. TO launch on local host - docker run -it -p 127.0.0.1:7861:7860