LibreChat/client/src
Dustin Healy 0f708c2eb8 fix(mcp): harden app CSP, fail closed on auth resolution, and rate-limit resource reads
Render non-app (no profile=mcp-app) ui:// HTML inert: the static srcDoc iframes in ToolCall,
MCPUIResource, and UIResourceCarousel now use sandbox="" so scripts and forms run only through the
CSP-applying sandbox proxy. Make the proxy's meta CSP unbypassable by wrapping any document whose
markup precedes <head>, so nothing untrusted is parsed before the policy takes effect.

Fail closed in resolveAppContext when MCP auth-value resolution throws, logging and rejecting rather
than proceeding with unresolved or stale credentials. Validate each MCP_SANDBOX_FRAME_ANCESTORS
token against a scheme://host[:port] pattern so a stray ";" cannot inject an extra CSP directive.

Rate-limit the app resource endpoints (resources/read, list, templates/list) per user, and correct
AppToolResult.content from an empty-tuple type to unknown[]. Add controller tests for the
frame-ancestors validation and the auth fail-closed path.
2026-06-30 17:30:56 -07:00
@types ⚙️ refactor: Lazy load locale resources (#13640) 2026-06-10 08:48:58 -04:00
a11y 👷 ci: Type-check the Client Workspace (#13560) 2026-06-06 18:40:31 -04:00
common 🖇️ feat: Reference Selected Chat Text with Multi-Quote Popup (#13868) 2026-06-21 08:33:11 -04:00
components fix(mcp): harden app CSP, fail closed on auth resolution, and rate-limit resource reads 2026-06-30 17:30:56 -07:00
constants
data-provider 🔗 feat: Snapshot Files for Shared-Link Attachments (#13740) 2026-06-20 23:05:13 -04:00
hooks fix(mcp): carry apps flag through the request resolver and canonicalize resource-read auth 2026-06-29 00:52:58 -07:00
lib/rum 👷 ci: Type-check the Client Workspace (#13560) 2026-06-06 18:40:31 -04:00
locales fix(mcp): tighten MCP Apps read-only views and resource-read authorization 2026-06-28 22:58:21 -07:00
polyfills chore: Upgrade Vite For Node 24 (#13450) 2026-06-01 15:47:58 -04:00
Providers fix(mcp): carry apps flag through the request resolver and canonicalize resource-read auth 2026-06-29 00:52:58 -07:00
routes 🪶 fix: Prevent Soft Default Model Spec from Overriding User Selections (#13642) 2026-06-10 08:52:28 -04:00
store 🖇️ feat: Reference Selected Chat Text with Multi-Quote Popup (#13868) 2026-06-21 08:33:11 -04:00
utils fix(mcp): harden app CSP, fail closed on auth resolution, and rate-limit resource reads 2026-06-30 17:30:56 -07:00
App.jsx ⚙️ refactor: lazy-load React Query Devtools (#13639) 2026-06-10 13:06:20 -04:00
main.jsx 🛟 fix: Auto-Recover from Stale Service Worker Assets After Deploys (#13686) 2026-06-11 11:57:06 -04:00
mobile.css
style.css 🎛️ feat: Redesign Settings with Registry-Driven Dialog, Search, and Mobile Drill-In (#13722) 2026-06-18 08:51:07 -04:00
vite-env.d.ts