Skip to content

feat(workflows): enhance custom Python execution controls for HTTP requests#2412

Closed
dkosowski87 wants to merge 2 commits into
mainfrom
fix-critical-exposed-worker-run
Closed

feat(workflows): enhance custom Python execution controls for HTTP requests#2412
dkosowski87 wants to merge 2 commits into
mainfrom
fix-critical-exposed-worker-run

Conversation

@dkosowski87
Copy link
Copy Markdown
Contributor

@dkosowski87 dkosowski87 commented Jun 4, 2026

What does this PR do?

  • Updated documentation to clarify that local custom Python execution is disabled by default and can be enabled via environment variables.
  • Modified environment variable defaults in env.py to disable custom Python execution in workflows.
  • Implemented ensure_http_dynamic_python_blocks_allowed function to enforce restrictions on dynamic Python blocks in HTTP requests, raising HTTP 403 errors when disabled.
  • Added unit tests to validate the behavior of the new HTTP dynamic block guard functionality.

Type of Change

  • Bug fix (non-breaking change that fixes an issue)

Testing

  • I have added/updated tests for this change

@dkosowski87
feat(workflows): enhance custom Python execution controls for HTTP re…
b4b39e5 
…quests

- Updated documentation to clarify that local custom Python execution is disabled by default and can be enabled via environment variables.
- Modified environment variable defaults in `env.py` to disable custom Python execution in workflows.
- Implemented `ensure_http_dynamic_python_blocks_allowed` function to enforce restrictions on dynamic Python blocks in HTTP requests, raising HTTP 403 errors when disabled.
- Added unit tests to validate the behavior of the new HTTP dynamic block guard functionality.
@dkosowski87
refactor(workflows): reorganize environment variable imports for clarity
f6f7581 
- Consolidated imports from `inference.core.env` to improve readability.
- Removed redundant import of `ALLOW_HTTP_CUSTOM_PYTHON_EXECUTION_IN_WORKFLOWS` and restructured the import statements for better organization.
@dkosowski87 dkosowski87 closed this Jun 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@PawelPeczek-Roboflow PawelPeczek-Roboflow Awaiting requested review from PawelPeczek-Roboflow PawelPeczek-Roboflow will be requested when the pull request is marked ready for review PawelPeczek-Roboflow is a code owner

@grzegorz-roboflow grzegorz-roboflow Awaiting requested review from grzegorz-roboflow grzegorz-roboflow will be requested when the pull request is marked ready for review grzegorz-roboflow is a code owner

@hansent hansent Awaiting requested review from hansent hansent will be requested when the pull request is marked ready for review hansent is a code owner

@yeldarby yeldarby Awaiting requested review from yeldarby yeldarby will be requested when the pull request is marked ready for review yeldarby is a code owner

@probicheaux probicheaux Awaiting requested review from probicheaux probicheaux will be requested when the pull request is marked ready for review probicheaux is a code owner

@rafel-roboflow rafel-roboflow Awaiting requested review from rafel-roboflow rafel-roboflow will be requested when the pull request is marked ready for review rafel-roboflow is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dkosowski87