LibreChat/client/public
Dustin Healy 8f10ef4b1f feat(mcp): dedicated-origin allow-same-origin, live host-context, configurable CSP, theme vars
Grant allow-same-origin to the sandbox inner frame only when the sandbox runs on a dedicated origin
(parentOrigin differs from the sandbox origin), matching the spec dedicated-origin model so
storage-backed apps work there while same-origin deployments stay isolated from the host.

Push host-context updates to a live app: a MutationObserver on the document theme class sends
sendHostContextChange with the new theme and derived style tokens when the user toggles light or
dark while an app is open.

Provide the standardized MCP Apps CSS theme variables (a mapped subset of LibreChat tokens) in the
initial hostContext and on theme change.

Add an opt-in strict CSP (VITE_MCP_SANDBOX_STRICT_CSP) that drops unsafe-eval, wasm-unsafe-eval,
blob:, and data: from the sandbox script-src, threaded to the sandbox via a strictCsp query param.
2026-06-30 17:43:42 -07:00
..
assets 🎨 chore: Update Agent Tool with new SVG assets (#12065) 2026-03-04 09:28:19 -05:00
fonts
mcp-sandbox.html feat(mcp): dedicated-origin allow-same-origin, live host-context, configurable CSP, theme vars 2026-06-30 17:43:42 -07:00
robots.txt