mirror of https://github.com/danny-avila/LibreChat.git, synced 2026-07-02 12:22:22 +00:00
Addresses security and correctness findings from a second review pass.

Sandbox hardening: `trustedOrigin` is now derived from `document.referrer` at startup so `notifyReady` uses the known parent origin instead of the wildcard `'*'`. `toDomainList` validates every entry against a strict host-pattern regex before joining, preventing CSP injection via malicious server metadata. `serveMCPSandbox` now sets `Content-Security-Policy: frame-ancestors 'self'` and `X-Frame-Options: SAMEORIGIN` so the sandbox proxy cannot be framed by third-party origins.

Server-side guards: `appToolCall` now validates that `toolName` is actually registered on `serverName` before forwarding to `tools/call`. The `knownToolNamesCache` is populated alongside `modelOnlyToolCache` in `populateToolCaches`, scoped per user/server key. `isModelOnlyTool` was inlined into `appToolCall` now that the single caching pass populates both sets. `readResource` gained the `updateUserLastActivity` call so resource fetches also prevent idle timeout. 500 responses now return generic messages; `McpError` `InvalidRequest` (-32600) surfaces as 400 with the message.

Client: `useAppBridge` uses refs for `onSizeChanged`, `toolArgs`, and `toolResult` so the stable bridge effect closure always reads current values without triggering a remount. `MCPAppView` tracks `timedOut` separately from `loaded` so a bridge failure after 10 s shows an error message instead of a blank iframe. Added `com_ui_mcp_app_failed_to_load` translation key. Redundant `as string | undefined` casts on `toolName` removed in `ToolCall`, `MCPUIResource`, and `UIResourceCarousel`.
Directory contents:

- ..
- src
- types
- .gitignore
- babel.config.cjs
- jest.config.mjs
- jest.setup.cjs
- package.json
- tsconfig-paths-bootstrap.mjs
- tsconfig.build.json
- tsconfig.json
- tsconfig.spec.json
- tsdown.config.mjs