[Bug]: AssertionError: extension access disabed because of commandline flags

[piler87]

Is there an existing issue for this?

• [X] I have searched the existing issues and checked the recent builds/commits

What happened?

i have tried to install the extensions from the webUI but i keep getting this error

Error completing request Arguments: ('https://github.com/AUTOMATIC1111/stable-diffusion-webui-wildcards',) {}

assert not shared.cmd_opts.disable_extension_access, "extension access disabed because of commandline flags" AssertionError: extension access disabed because of commandline flags

Steps to reproduce the problem

open extension tab on webui, click install on any extension

What should have happened?

extension installed

Commit where the problem happens

Commit hash: d98eacea40c7a40227f36dbea9cf92f90489310b

What platforms do you use to access UI ?

Windows

What browsers do you use to access the UI ?

Google Chrome

Command Line Arguments

Launching Web UI with arguments: --share --vae-path models\Stable-diffusion\vae-ft-mse-840000-ema-pruned.pt

Additional information, context and logs

No response

[demosch]

same

[nerdyrodent]

"because of commandline flags" Have you tried without any command line options?

[tokengeek]

Having the --share command line argument is triggering the assertion error. See https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/4065#discussioncomment-4021937

It seems to be set to prevent using extensions when your server may be open and accessible to the internet. So --share and --listen are disallowed.

If you need to use --share then you may be stuck for a while but if not, removing that from your start up script should allow you to use extensions.

Preventing --listen is breaking use in some Docker containers but #4165 is covering that.

[GeorgiaM-honestly]

There is a check which looks for either --listen or --share (or was it --shared?). If that is true, these extensions are not allowed to run. If you remove the two, it will still listen but only on 127.0.0.1. You'll then have to connect to that, which is fine if you are local. But if like me you are not, you will need to do something like SSH tunneling where on the client you specify a client side listening port and redirect those over ssh, where on the server it emerges to 127.0.0.1 on the server side. Something like:

ssh -L 127.0.0.1:7860:127.0.0.1:7860 [otherstuff here]

This confusing looking command is doing:

• On the client side, listen on 127.0.0.1 port 7860
• When connections come to client side 127.0.0.1 port 7860, it is tunneled over the SSH connection
• On the server side, this connection goes to 127.0.0.1 port 7860 and you can access the UI
• Thus , on the client side, point your browser at http://127.0.0.1:7860/ and it will work out

HOWEVER if you're like me and running auto in a docker ( https://github.com/AbdBarho/stable-diffusion-webui-docker in my case ), you end up with a catch22 and the now not-so-simple networking means that this still won't work and you're stuck, as far as I can tell. https://github.com/AUTOMATIC1111/stable-diffusion-webui/issues/4165 in this project is working on resolving this.

[demosch]

hope this will be fixed

[aliencaocao]

This is not exactly a bug but a security feature, so I don't think it will be changed.

[GeorgiaM-honestly]

I and I imagine others understand. However it would be very nice indeed to have an option to override this explicitly and allow it, meaning the user takes responsibility for the action and has no grounds to file bugs for any resulting security issues.

[demosch]

yeah so only people that run local can use it. whtats the point of this extentions if making it very limited? let me personally decide if i want to take risk (no risk at all, just some ai pictures)

[Notloc]

This isn't a bug. Remove your flags, install your extensions, re-add your flags.

[GeorgiaM-honestly]

I agree it is not a bug, I am not arguing.

When I remove the flags, I can no longer reach the UI at 127.0.0.1:7806, so I can't use the UI to install the extensions. This is inside of a docker container, and this is an issue other docker users are having as well.

[demosch]

its working for me after manually putting in the folder. never changed the commands in that process.

[GeorgiaM-honestly]

its working for me after manually putting in the folder. never changed the commands in that process.

Can you tell me a little bit more? Which extension are you using, and what exactly did you do and put where? If there's another place we can talk so as not to clutter this issue up, maybe that would be best beyond the first response.

[nickythegreek]

I use --listen so that any computer on my home network can access and generate. But there is no access from outside my network. I want an option to override this 'security feature', as I am already controlling who has access via my router. I was able to use git to put the extensions in, but I cant use the interface to update now. I recommend a new cmdline arg that we can use in addition to the --listen to override.

[DenkingOfficial]

I want an option to override this 'security feature'

Check my PR https://github.com/AUTOMATIC1111/stable-diffusion-webui/pull/4089 It adds exactly what you want

[yakuzadave]

I had been running into this too, but was able to fix it by removing --share and --listen, then installing the extensions. Once the extensions were installed, I just went back to sharing again. It's a bit of a hassle, but I totally get it. I would not want friends (or some rando) to install on my local machine without my permission.

[tommcg]

I am using a combo solution. I turn off the --share switch to install the extension(s.) Then add --share back to the startup batch after it's installed. Then I have added a line just above the 'call webui.bat' line which which is 'call mysetups.bat'.

In this mysetups.bat batch file I have the following which is intended to do all the necessary git pulls for updates so I don't have to constantly modify the --share switch every time I want to update the extensions via the extensions tab in the webui.

@echo off
REM 9:56 AM 11/4/2022

echo ^===== Storing Local Changes
git stash
echo ^===== Fetching WebUI updates
git pull
echo ^===== Updating Training Picker
git -C D:\stable-diffusion-webui\extensions\training-picker pull
echo ^===== Updating Aesthetic-Gradients
git -C D:\stable-diffusion-webui\extensions\aesthetic-gradients pull
echo ^===== Updating WebUI Artists to Study
git -C D:\stable-diffusion-webui\extensions\stable-diffusion-webui-artists-to-study pull
echo ^===== Updating WebUI Inspiration
git -C D:\stable-diffusion-webui\extensions\stable-diffusion-webui-inspiration pull
echo ^===== Updating WebUI Images Browser
git -C D:\stable-diffusion-webui\extensions\stable-diffusion-webui-images-browser pull
echo ^===== Updating Magic Prompt
git -C D:\stable-diffusion-webui\MagicPrompt-Stable-Diffusion pull
REM echo ^===== Updating Asthetic Image Scorer
REM git -C D:\stable-diffusion-webui\extensions\aesthetic-image-scorer pull
echo ^===== Updating Deforum
git -C D:\stable-diffusion-webui\extensions\deforum pull
echo ^===== Updating Unprompted
git -C D:\stable-diffusion-webui\extensions\unprompted pull

[0xdevalias]

I can't remember where I read it now, but i'm pretty sure there is another command line argument that can be passed to bypass this security check (only advisable if you know what you're doing and why)

Edit: Here:

• https://github.com/AUTOMATIC1111/stable-diffusion-webui/pull/4089#issuecomment-1303075428
  • https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/ccf1a15412ef6b518f9f54cc26a0ee5edf458108
    • --enable-insecure-extension-access

[IndexProselyte]

If you are having this issue while running Stable diffusion on Paperspace using Automatics Web UI. On the first block of code you see in your Jupyter notebook you will need to change these values:

gradio_auth = "name:passwordkey"                                  
                                                       
search_paperspace_datasets = True                   

ui_theme = None                                        

insecure_extension_access = True     

After that you will need to enter a password each time you connect to your gradio link, but it will allow you to install extensions.

[cherishh]

https://github.com/AUTOMATIC1111/stable-diffusion-webui/pull/4089#issuecomment-1355584974 this works for me

[ZhenningLang]

find and disable the error line code (the check code, two places) by comment it before install then install extension by webui, and enable it again after install

[latentcode]

its working for me after manually putting in the folder. never changed the commands in that process.

Can you tell me a little bit more? Which extension are you using, and what exactly did you do and put where? If there's another place we can talk so as not to clutter this issue up, maybe that would be best beyond the first response.

I was attempting to install the Dreambooth extension. My configuration is much the same as @GeorgiaM-honestly, so I run with the --listen flag, which led to the assertion. @demosch indicated that installing manually circumvents the problem and @GeorgiaM-honestly asked for details. A little late, but in case it helps others:

After you click "Load from:" button from the Extensions | Available tab, a table is generated listing all the available extensions. If you hover over the name in the "Extension" column, you will see a GitHub url. Copy that into your clipboard (for Dreambooth it was: https://github.com/d8ahazard/sd_dreambooth_extension.git).

From the command line on your server, navigate to the extensions sub-directory where you installed Stable Diffusion WebUI: $ cd /path/to/stable-diffusion-webui/extensions

Clone the repo using the link from your clipboard: $ git clone https://github.com/d8ahazard/sd_dreambooth_extension.git

Restart the service: $ ./webui.sh --listen

Refresh client (browser)

[Xenodermus]

--share blocks adding or managing extensions. Which makes sense, or else outsiders could change your UI and even install malware from repositories via extensions :)

[pRoy24]

for anyone stumbling upon this in 2023, there is already an argument --enable-insecure-extension-access which allows you to download extensions while having --share flag enabled.

Also info above a bit outdated because the command args have been moved to modules/cmd_args.py

[yinkun-devops]

使用绘世启动sd，不知道该怎么开启这个参数 --enable-insecure-extension-access，cmd_args.py里面有这个参数，但是不知道如何启用

[samggggflynn]

使用绘世启动sd，不知道该怎么开启这个参数 --enable-insecure-extension-access，cmd_args.py里面有这个参数，但是不知道如何启用

just simply adding a character "--default=True" , after < "--enable-insecure-extension-access", action='store_true', >

[Woisek]

This problem is again in v1.8.0. Only --listen is in the command line, and that worked with v1.7.0 So, please change the code back to the working state like with v1.7.0, thanks.

[tryout3]

If you are using Gradio or Docker, use '--insecure' along with '--share' or '--listen'. This will enable adding extensions. '--enable-insecure-extension-access' doesn't work in the new update.

[piwawa]

--enable-insecure-extension-access

how to modify it? please make it clear and give an example.

[xhdndmm]

所以 怎么解决这个问题 我也遇到了

[larinius]

This isn't a bug. Remove your flags, install your extensions, re-add your flags.

How I can Install without SHARE flag? IF I CANNOT OPEN UI ?? Do you guys ever think before giving such "solutions" ? We Can Not open localhost on Google Collab... (probably some people can't understand such things)