mirror of
https://github.com/danny-avila/LibreChat.git
synced 2026-07-11 00:33:40 +00:00
fix(mcp): restrict sandbox form submissions to the declared egress
form-action does not fall back to default-src, so with the inner iframe created
allow-forms a script could submit a hidden form to any origin and bypass the
connectDomains deny-by-default egress policy. The generated sandbox CSP now sets
form-action to the same declared connect allowlist ('none' when none is set).
This commit is contained in:
parent
251b18b9e9
commit
39a06f43f4
1 changed files with 3 additions and 0 deletions
|
|
@ -158,6 +158,9 @@
|
|||
("script-src 'unsafe-inline' " + resourceDomains).trim(),
|
||||
("style-src 'unsafe-inline' " + resourceDomains).trim(),
|
||||
"connect-src " + connectDomains,
|
||||
// form-action does not fall back to default-src, so with allow-forms a form could post to
|
||||
// any origin; bound it to the declared egress allowlist ('none' when none is declared).
|
||||
"form-action " + connectDomains,
|
||||
("img-src data: blob: " + resourceDomains).trim(),
|
||||
("media-src " + (resourceDomains || "'none'")).trim(),
|
||||
("font-src " + (resourceDomains || "'none'")).trim(),
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue