Skip to content

Change CSP defaults from "MUST" to "SHOULD"#434

Open
mstoiber-oai wants to merge 1 commit intomodelcontextprotocol:mainfrom
mstoiber-oai:patch-1
Open

Change CSP defaults from "MUST" to "SHOULD"#434
mstoiber-oai wants to merge 1 commit intomodelcontextprotocol:mainfrom
mstoiber-oai:patch-1

Conversation

@mstoiber-oai
Copy link

@mstoiber-oai mstoiber-oai commented Feb 5, 2026
edited
Loading

Motivation and Context

In ChatGPT, we have security risk-accepted and shipped a slightly looser default CSP. We have a default domain allowlist that includes e.g. cdn.tailwindcss.com, cdn.jsdelivr.net, *.oaiusercontent.com,… that we add to the resourceDomains and connectDomains. We also set frame-src 'none' and default-src 'self' by default

In order to stay compliant with the spec, we're proposing an update to the spec language around the default CSP from "MUST" to "SHOULD".

How Has This Been Tested?

ChatGPT shipped this default with the Apps SDK many months ago.

Breaking Changes

No.

@mstoiber-oai
Change CSP defaults from "MUST" to "SHOULD"
fb8be69 
In ChatGPT, we have security risk-accepted and shipped a slightly looser default CSP. We have a default domain allowlist that includes e.g. `cdn.tailwindcss.com`, `cdn.jsdelivr.net`, `*.oaiusercontent.com`,… that we add to the resourceDomains and connectDomains. We also set `frame-src 'none'` by default, unless frameDomains are specified.

In order to stay compliant with the spec, we're proposing an update to the spec language around the default CSP from "MUST" to "SHOULD".
@connor4312
Copy link

connor4312 commented Feb 5, 2026
edited
Loading

I'm not a fan of this. An MCP developer who builds and tests their app against one client that follows the spec should have their app work on every other client that follows the spec without having to test it individually. This is the case with the rest of the MCP protocol.

With this change, if a developer targets client X which does not follow the spec's SHOULD recommendations, their app will not load at all on other clients that follow the spec more closely.

@idosal
Copy link
Contributor

idosal commented Feb 5, 2026

Thanks @mstoiber-oai ! I agree with @connor4312 that this level of leniency might come back to bite us. I realize it's challenging, but is it realistic to go the other way around and ask existing apps to add the required domains to their CSP meta?

ochafik
ochafik approved these changes Feb 12, 2026
View reviewed changes
Copy link
Contributor

@ochafik ochafik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SGTM! cc/ @idosal @antonpk1 @connor4312 FYI

ochafik
ochafik requested changes Feb 12, 2026
View reviewed changes
Copy link
Contributor

@ochafik ochafik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

actually sorry hadn't read objections from @idosal & @connor4312 let's discuss this one at the next meetup

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ochafik ochafik ochafik requested changes

+1 more reviewer

@scutuatua-crypto scutuatua-crypto scutuatua-crypto approved these changes

Reviewers whose approvals may not affect merge requirements

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@mstoiber-oai @connor4312 @idosal @ochafik @scutuatua-crypto