Interface CSPConfig

Content Security Policy configuration

Unified CSP interface that maps to protocol-specific formats:

MCP Apps: _meta.ui.csp.{connectDomains, resourceDomains}
ChatGPT: _meta["openai/widgetCSP"].{connect_domains, resource_domains, ...}

interface CSPConfig {
    connectDomains?: string[];
    frameDomains?: string[];
    redirectDomains?: string[];
    resourceDomains?: string[];
}

Index

Properties

connectDomains? frameDomains? redirectDomains? resourceDomains?

Properties

`Optional`connectDomains

connectDomains?: string[]

Domains allowed for fetch/XHR/WebSocket connections. Maps to connect-src directive.

Example

["https://api.example.com", "wss://realtime.example.com"]

`Optional`frameDomains

frameDomains?: string[]

Allowed iframe origins. ChatGPT only - discouraged for security reasons.

Example

["https://embed.example.com"]

`Optional`redirectDomains

redirectDomains?: string[]

Domains for openExternal without confirmation modal. ChatGPT only - ignored on MCP Apps.

Example

["https://docs.example.com"]

`Optional`resourceDomains

resourceDomains?: string[]

Domains allowed for images, scripts, stylesheets, fonts. Maps to img-src, script-src, style-src, font-src directives.

Example

["https://cdn.example.com", "https://fonts.googleapis.com"]

Interface CSPConfig

Index

Properties

Properties

`Optional`connectDomains

Example

`Optional`frameDomains

Example

`Optional`redirectDomains

Example

`Optional`resourceDomains

Example

Settings

On This Page

Interface CSPConfig

Index

Properties

Properties

OptionalconnectDomains

Example

OptionalframeDomains

Example

OptionalredirectDomains

Example

OptionalresourceDomains

Example

Settings

On This Page

`Optional`connectDomains

`Optional`frameDomains

`Optional`redirectDomains

`Optional`resourceDomains