mirror of
https://github.com/danny-avila/LibreChat.git
synced 2026-07-03 12:54:01 +00:00
Render non-app (no profile=mcp-app) ui:// HTML inert: the static srcDoc iframes in ToolCall, MCPUIResource, and UIResourceCarousel now use sandbox="" so scripts and forms run only through the CSP-applying sandbox proxy. Make the proxy's meta CSP unbypassable by wrapping any document whose markup precedes <head>, so nothing untrusted is parsed before the policy takes effect. Fail closed in resolveAppContext when MCP auth-value resolution throws, logging and rejecting rather than proceeding with unresolved or stale credentials. Validate each MCP_SANDBOX_FRAME_ANCESTORS token against a scheme://host[:port] pattern so a stray ";" cannot inject an extra CSP directive. Rate-limit the app resource endpoints (resources/read, list, templates/list) per user, and correct AppToolResult.content from an empty-tuple type to unknown[]. Add controller tests for the frame-ancestors validation and the auth fail-closed path. |
||
|---|---|---|
| .. | ||
| @types | ||
| a11y | ||
| common | ||
| components | ||
| constants | ||
| data-provider | ||
| hooks | ||
| lib/rum | ||
| locales | ||
| polyfills | ||
| Providers | ||
| routes | ||
| store | ||
| utils | ||
| App.jsx | ||
| main.jsx | ||
| mobile.css | ||
| style.css | ||
| vite-env.d.ts | ||