LibreChat/api/server/routes
Dustin Healy 0f708c2eb8 fix(mcp): harden app CSP, fail closed on auth resolution, and rate-limit resource reads
Render non-app (no profile=mcp-app) ui:// HTML inert: the static srcDoc iframes in ToolCall,
MCPUIResource, and UIResourceCarousel now use sandbox="" so scripts and forms run only through the
CSP-applying sandbox proxy. Make the proxy's meta CSP unbypassable by wrapping any document whose
markup precedes <head>, so nothing untrusted is parsed before the policy takes effect.

Fail closed in resolveAppContext when MCP auth-value resolution throws, logging and rejecting rather
than proceeding with unresolved or stale credentials. Validate each MCP_SANDBOX_FRAME_ANCESTORS
token against a scheme://host[:port] pattern so a stray ";" cannot inject an extra CSP directive.

Rate-limit the app resource endpoints (resources/read, list, templates/list) per user, and correct
AppToolResult.content from an empty-tuple type to unknown[]. Add controller tests for the
frame-ancestors validation and the auth fail-closed path.
2026-06-30 17:30:56 -07:00
..
__test-utils__
__tests__ 🔗 feat: Snapshot Files for Shared-Link Attachments (#13740) 2026-06-20 23:05:13 -04:00
admin 📒 feat: Audit Log Backend for SystemGrant Assign and Revoke Events (#13087) 2026-06-18 15:42:33 -04:00
agents 💾 feat: Persist Context Breakdown & Branch/Total Usage Cost (#13734) 2026-06-14 10:48:07 -04:00
assistants
files 🗜️ fix: Support Windows ZIP MIME Uploads (#13794) 2026-06-16 11:19:06 -04:00
types
accessPermissions.js
accessPermissions.sharePolicy.test.js
accessPermissions.test.js
actions.js
apiKeys.js
auth.2fa-ratelimit.test.js
auth.cloudfront.test.js
auth.js
balance.js
banner.js
categories.js
config.js 🔗 feat: Snapshot Files for Shared-Link Attachments (#13740) 2026-06-20 23:05:13 -04:00
convos.js 🔖 feat: Add Pinned Conversations (#13492) 2026-06-17 20:26:55 -04:00
endpoints.js 🪙 feat: SDK-Aligned Context-Usage Projection (gauge for window-switch & snapshot-less branches) (#13801) 2026-06-16 17:54:13 -04:00
index.js 📒 feat: Audit Log Backend for SystemGrant Assign and Revoke Events (#13087) 2026-06-18 15:42:33 -04:00
keys.js
mcp.js fix(mcp): harden app CSP, fail closed on auth resolution, and rate-limit resource reads 2026-06-30 17:30:56 -07:00
memories.js
messages.js
models.js
oauth.js
oauth.test.js
presets.js
projects.js
prompts.js
prompts.test.js
roles.js
rum.js 📈 fix: Isolate RUM Telemetry Proxy Auth from App Auth (#13765) 2026-06-15 12:49:44 -04:00
search.js
settings.js
share.js 🔗 feat: Snapshot Files for Shared-Link Attachments (#13740) 2026-06-20 23:05:13 -04:00
skills.js
skills.tenant.test.js
skills.test.js
static.js
tags.js
user.js