From 480375f3495e9e1437faf47eb2a11222c9acf3f0 Mon Sep 17 00:00:00 2001
From: Christian Byrne <cbyrne@comfy.org>
Date: Sun, 13 Jul 2025 01:46:27 -0700
Subject: [PATCH] Remove auth tokens from history storage (#8889)

Remove auth_token_comfy_org and api_key_comfy_org from extra_data before
storing prompt history to prevent sensitive authentication tokens from
being persisted in the history endpoint response.
---
 execution.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/execution.py b/execution.py
index 90cefc023..bd638afba 100644
--- a/execution.py
+++ b/execution.py
@@ -1045,6 +1045,12 @@ class PromptQueue:
             if status is not None:
                 status_dict = copy.deepcopy(status._asdict())
 
+            # Remove auth tokens from extra_data before storing in history
+            if "auth_token_comfy_org" in prompt[3]:
+                del prompt[3]["auth_token_comfy_org"]
+            if "api_key_comfy_org" in prompt[3]:
+                del prompt[3]["api_key_comfy_org"]
+
             self.history[prompt[1]] = {
                 "prompt": prompt,
                 "outputs": {},