DEV Community: Nguyen Hien The latest articles on DEV Community by Nguyen Hien (@cptrodgers). https://dev.to/cptrodgers https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3859748%2F8e400ae9-0927-4574-af06-6ee2b2271a86.jpg DEV Community: Nguyen Hien https://dev.to/cptrodgers en MCP App CSP Explained: Why Your Widget Won't Render Nguyen Hien Fri, 03 Apr 2026 16:16:39 +0000 https://dev.to/cptrodgers/mcp-app-csp-explained-why-your-widget-wont-render-9n1 https://dev.to/cptrodgers/mcp-app-csp-explained-why-your-widget-wont-render-9n1 <p>You built an MCP App. The tool works. The server returns data. But the widget renders as a blank iframe. </p> <p>You've hit the <code>#1 problem in MCP App development</code>: <strong>Content Security Policy</strong>.</p> <p>This post explains exactly how CSP works in MCP Apps, what the three domain arrays do, the mistakes that cause silent failures, and how to debug them. By the end, you'll never stare at a blank widget again.</p> <h2> The sandbox model </h2> <p>Every MCP App widget runs inside a sandboxed iframe. On ChatGPT, that iframe lives at a domain like <code>yourapp.web-sandbox.oaiusercontent.com</code>. On Claude, it's computed from a hash of your server URL. On VS Code, it's host-controlled.</p> <p>The sandbox blocks <strong>everything</strong> by default. No external API calls. No CDN images. No Google Fonts. No WebSocket connections. Nothing leaves the iframe unless you explicitly declare it.</p> <p>You declare allowed domains in <code>_meta.ui.csp</code> on your MCP resource. The host reads this and sets the iframe's Content Security Policy. If a domain isn't declared, the browser blocks the request before it even happens.</p> <p>Here's what a declaration looks like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">_meta</span><span class="p">:</span> <span class="p">{</span> <span class="nl">ui</span><span class="p">:</span> <span class="p">{</span> <span class="na">csp</span><span class="p">:</span> <span class="p">{</span> <span class="na">connectDomains</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">https://api.example.com</span><span class="dl">"</span><span class="p">],</span> <span class="na">resourceDomains</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">https://cdn.example.com</span><span class="dl">"</span><span class="p">],</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Simple enough. But the devil is in knowing which array to put each domain in.</p> <h2> The three domain arrays </h2> <h3> <code>connectDomains</code> — runtime connections </h3> <p>Controls: <code>fetch()</code>, <code>XMLHttpRequest</code>, <code>WebSocket</code>, <code>EventSource</code>, <code>navigator.sendBeacon()</code></p> <p>Maps to the CSP <code>connect-src</code> directive.</p> <p><strong>Use when:</strong> your widget calls an API at runtime.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// This fetch will be BLOCKED unless api.stripe.com is in connectDomains</span> <span class="kd">const</span> <span class="nx">charges</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">https://api.stripe.com/v1/charges</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// Same for WebSockets</span> <span class="kd">const</span> <span class="nx">ws</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">WebSocket</span><span class="p">(</span><span class="dl">"</span><span class="s2">wss://realtime.example.com/feed</span><span class="dl">"</span><span class="p">);</span> </code></pre> </div> <h3> <code>resourceDomains</code> — static assets </h3> <p>Controls: <code>&lt;script src&gt;</code>, <code>&lt;link rel="stylesheet"&gt;</code>, <code>&lt;img src&gt;</code>, <code>&lt;video&gt;</code>, <code>&lt;audio&gt;</code>, <code>@font-face</code>, CSS <code>url()</code>, <code>@import</code></p> <p>Maps to CSP <code>script-src</code>, <code>style-src</code>, <code>img-src</code>, <code>font-src</code>, <code>media-src</code>.</p> <p><strong>Use when:</strong> your widget loads assets from external CDNs.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="c">&lt;!-- These will be BLOCKED unless the domains are in resourceDomains --&gt;</span> <span class="nt">&lt;script </span><span class="na">src=</span><span class="s">"https://cdn.example.com/chart.js"</span><span class="nt">&gt;&lt;/script&gt;</span> <span class="nt">&lt;link</span> <span class="na">href=</span><span class="s">"https://fonts.googleapis.com/css2?family=Inter"</span> <span class="na">rel=</span><span class="s">"stylesheet"</span><span class="nt">&gt;</span> <span class="nt">&lt;img</span> <span class="na">src=</span><span class="s">"https://res.cloudinary.com/demo/image/upload/sample.jpg"</span><span class="nt">&gt;</span> </code></pre> </div> <h3> <code>frameDomains</code> — nested iframes </h3> <p>Controls: <code>&lt;iframe src&gt;</code></p> <p>Maps to CSP <code>frame-src</code>.</p> <p><strong>Use when:</strong> your widget embeds third-party content like YouTube videos, Google Maps, or Spotify players.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="c">&lt;!-- BLOCKED unless youtube.com is in frameDomains --&gt;</span> <span class="nt">&lt;iframe</span> <span class="na">src=</span><span class="s">"https://www.youtube.com/embed/abc123"</span><span class="nt">&gt;&lt;/iframe&gt;</span> </code></pre> </div> <p>Without <code>frameDomains</code>, nested iframes are blocked entirely. Note that ChatGPT reviews apps with <code>frameDomains</code> more strictly — only use it when you actually embed iframes.</p> <h2> The five mistakes that break your widget </h2> <h3> 1. Using <code>resourceDomains</code> for API calls </h3> <p>This is the most common mistake. Your widget calls <code>fetch()</code> to an API, and you put the domain in <code>resourceDomains</code> because "it's a resource." It isn't — <code>fetch()</code> is a runtime connection.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Wrong: API domain in resourceDomains</span> <span class="nx">csp</span><span class="p">:</span> <span class="p">{</span> <span class="nl">resourceDomains</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">https://api.example.com</span><span class="dl">"</span><span class="p">]</span> <span class="p">}</span> <span class="c1">// Correct: API domain in connectDomains</span> <span class="nl">csp</span><span class="p">:</span> <span class="p">{</span> <span class="na">connectDomains</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">https://api.example.com</span><span class="dl">"</span><span class="p">]</span> <span class="p">}</span> </code></pre> </div> <p><strong>The rule:</strong> if your JavaScript code calls it at runtime, it goes in <code>connectDomains</code>. If an HTML tag loads it as a static asset, it goes in <code>resourceDomains</code>.</p> <h3> 2. Forgetting the font file domain </h3> <p>Google Fonts is a two-domain system. The CSS is served from <code>fonts.googleapis.com</code>, but the actual font files (<code>.woff2</code>) come from <code>fonts.gstatic.com</code>. If you only declare the first, the CSS loads but the fonts don't.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Wrong: CSS loads, fonts don't</span> <span class="nx">csp</span><span class="p">:</span> <span class="p">{</span> <span class="nl">resourceDomains</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">https://fonts.googleapis.com</span><span class="dl">"</span><span class="p">]</span> <span class="p">}</span> <span class="c1">// Correct: both domains declared</span> <span class="nl">csp</span><span class="p">:</span> <span class="p">{</span> <span class="na">resourceDomains</span><span class="p">:</span> <span class="p">[</span> <span class="dl">"</span><span class="s2">https://fonts.googleapis.com</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">https://fonts.gstatic.com</span><span class="dl">"</span> <span class="p">]</span> <span class="p">}</span> </code></pre> </div> <p>Your widget will render with fallback system fonts — a subtle visual bug that's easy to miss during development but obvious to users.</p> <h3> 3. Missing the WebSocket protocol </h3> <p>WebSocket connections use <code>wss://</code>, not <code>https://</code>. If you declare the HTTPS version, the WebSocket connection still fails.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Wrong: wss:// connections are still blocked</span> <span class="nx">csp</span><span class="p">:</span> <span class="p">{</span> <span class="nl">connectDomains</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">https://realtime.example.com</span><span class="dl">"</span><span class="p">]</span> <span class="p">}</span> <span class="c1">// Correct: use the wss:// scheme</span> <span class="nl">csp</span><span class="p">:</span> <span class="p">{</span> <span class="na">connectDomains</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">wss://realtime.example.com</span><span class="dl">"</span><span class="p">]</span> <span class="p">}</span> <span class="c1">// Also correct: declare both if you use both</span> <span class="nl">csp</span><span class="p">:</span> <span class="p">{</span> <span class="na">connectDomains</span><span class="p">:</span> <span class="p">[</span> <span class="dl">"</span><span class="s2">https://api.example.com</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">wss://realtime.example.com</span><span class="dl">"</span> <span class="p">]</span> <span class="p">}</span> </code></pre> </div> <h3> 4. Services that need both arrays </h3> <p>Some services serve both static assets AND API responses from the same or related domains. Mapbox is a classic example — it serves API responses (tile coordinates) and image tiles (actual map pictures) from the same origins.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Wrong: only connect, map tiles don't render</span> <span class="nx">csp</span><span class="p">:</span> <span class="p">{</span> <span class="nl">connectDomains</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">https://api.mapbox.com</span><span class="dl">"</span><span class="p">]</span> <span class="p">}</span> <span class="c1">// Correct: both connect and resource</span> <span class="nl">csp</span><span class="p">:</span> <span class="p">{</span> <span class="na">connectDomains</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">https://api.mapbox.com</span><span class="dl">"</span><span class="p">],</span> <span class="na">resourceDomains</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">https://api.mapbox.com</span><span class="dl">"</span><span class="p">]</span> <span class="p">}</span> </code></pre> </div> <p>Other services that commonly need both: Cloudinary (API + image CDN), Firebase (API + hosting), Supabase (API + storage).</p> <h3> 5. Works in dev, breaks when published </h3> <p>ChatGPT has a more relaxed CSP in developer mode. When you publish your app, stricter rules apply. Two things that catch people:</p> <p><strong>Missing <code>_meta.ui.domain</code>.</strong> Developer mode works without it. Published mode requires it — this is the domain ChatGPT uses to scope your widget's sandbox origin.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">_meta</span><span class="p">:</span> <span class="p">{</span> <span class="nl">ui</span><span class="p">:</span> <span class="p">{</span> <span class="na">domain</span><span class="p">:</span> <span class="dl">"</span><span class="s2">https://myapp.example.com</span><span class="dl">"</span><span class="p">,</span> <span class="c1">// required for published apps</span> <span class="na">csp</span><span class="p">:</span> <span class="p">{</span> <span class="cm">/* ... */</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>Missing <code>openai/widgetCSP</code>.</strong> Some published apps need the ChatGPT-specific CSP format alongside the standard <code>_meta.ui.csp</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">_meta</span><span class="p">:</span> <span class="p">{</span> <span class="nl">ui</span><span class="p">:</span> <span class="p">{</span> <span class="na">csp</span><span class="p">:</span> <span class="p">{</span> <span class="na">connectDomains</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">https://api.example.com</span><span class="dl">"</span><span class="p">],</span> <span class="na">resourceDomains</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">https://cdn.example.com</span><span class="dl">"</span><span class="p">]</span> <span class="p">}</span> <span class="p">},</span> <span class="c1">// ChatGPT compatibility layer</span> <span class="dl">"</span><span class="s2">openai/widgetCSP</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="nl">connect_domains</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">https://api.example.com</span><span class="dl">"</span><span class="p">],</span> <span class="nx">resource_domains</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">https://cdn.example.com</span><span class="dl">"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Note the naming difference: <code>connectDomains</code> (camelCase) in the standard spec vs <code>connect_domains</code> (snake_case) in the ChatGPT extension.</p> <h2> How to debug CSP violations </h2> <p>When CSP blocks a request, the browser logs it to the console. Here's how to find it:</p> <ol> <li>Open DevTools (<code>F12</code> or <code>Cmd+Opt+I</code>)</li> <li>Go to the <strong>Console</strong> tab</li> <li>Look for red errors starting with <code>Refused to</code> </li> </ol> <p>The error message tells you exactly what was blocked:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Refused to connect to 'https://api.example.com/data' because it violates the following Content Security Policy directive: "connect-src 'self'" </code></pre> </div> <p>This tells you:</p> <ul> <li> <strong>What was blocked:</strong> <code>https://api.example.com/data</code> </li> <li> <strong>Which directive:</strong> <code>connect-src</code> — you need <code>connectDomains</code> </li> <li> <strong>Current policy:</strong> only <code>'self'</code> is allowed — the domain isn't declared</li> </ul> <p>For font issues:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Refused to load the font 'https://fonts.gstatic.com/s/inter/...' because it violates the following Content Security Policy directive: "font-src 'self'" </code></pre> </div> <p>This means <code>fonts.gstatic.com</code> needs to be in <code>resourceDomains</code>.</p> <h3> Debugging checklist </h3> <p>When your widget is blank or partially broken:</p> <ol> <li>Open DevTools Console — look for <code>Refused to</code> errors</li> <li>For each error, identify the directive (<code>connect-src</code>, <code>font-src</code>, <code>script-src</code>, etc.)</li> <li>Map the directive to the right array: <ul> <li> <code>connect-src</code> → <strong>connectDomains</strong> </li> <li> <code>script-src</code>, <code>style-src</code>, <code>img-src</code>, <code>font-src</code>, <code>media-src</code> → <strong>resourceDomains</strong> </li> <li> <code>frame-src</code> → <strong>frameDomains</strong> </li> </ul> </li> <li>Add the blocked domain to the correct array</li> <li>Restart your MCP server and test again</li> </ol> <h2> Copy-paste patterns </h2> <p>Here are CSP declarations for common use cases:</p> <p><strong>API calls only:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">csp</span><span class="p">:</span> <span class="p">{</span> <span class="nl">connectDomains</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">https://api.yourbackend.com</span><span class="dl">"</span><span class="p">]</span> <span class="p">}</span> </code></pre> </div> <p><strong>CDN images:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">csp</span><span class="p">:</span> <span class="p">{</span> <span class="nl">resourceDomains</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">https://cdn.yourbackend.com</span><span class="dl">"</span><span class="p">]</span> <span class="p">}</span> </code></pre> </div> <p><strong>Google Fonts:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">csp</span><span class="p">:</span> <span class="p">{</span> <span class="nl">resourceDomains</span><span class="p">:</span> <span class="p">[</span> <span class="dl">"</span><span class="s2">https://fonts.googleapis.com</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">https://fonts.gstatic.com</span><span class="dl">"</span> <span class="p">]</span> <span class="p">}</span> </code></pre> </div> <p><strong>Full stack — API + CDN + Fonts:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">csp</span><span class="p">:</span> <span class="p">{</span> <span class="nl">connectDomains</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">https://api.yourbackend.com</span><span class="dl">"</span><span class="p">],</span> <span class="nx">resourceDomains</span><span class="p">:</span> <span class="p">[</span> <span class="dl">"</span><span class="s2">https://cdn.yourbackend.com</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">https://fonts.googleapis.com</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">https://fonts.gstatic.com</span><span class="dl">"</span> <span class="p">]</span> <span class="p">}</span> </code></pre> </div> <p><strong>Mapbox maps:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">csp</span><span class="p">:</span> <span class="p">{</span> <span class="nl">connectDomains</span><span class="p">:</span> <span class="p">[</span> <span class="dl">"</span><span class="s2">https://api.mapbox.com</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">https://events.mapbox.com</span><span class="dl">"</span> <span class="p">],</span> <span class="nx">resourceDomains</span><span class="p">:</span> <span class="p">[</span> <span class="dl">"</span><span class="s2">https://api.mapbox.com</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">https://cdn.mapbox.com</span><span class="dl">"</span> <span class="p">]</span> <span class="p">}</span> </code></pre> </div> <p><strong>Embedded YouTube:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">csp</span><span class="p">:</span> <span class="p">{</span> <span class="nl">frameDomains</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">https://www.youtube.com</span><span class="dl">"</span><span class="p">]</span> <span class="p">}</span> </code></pre> </div> <h2> Other sandbox restrictions </h2> <p>CSP isn't the only thing the sandbox blocks. These browser APIs are also restricted inside MCP App iframes:</p> <ul> <li> <strong><code>localStorage</code> / <code>sessionStorage</code></strong> — may throw <code>SecurityError</code>. Use in-memory state instead.</li> <li> <strong><code>eval()</code> / <code>new Function()</code></strong> — blocked by default. Some charting libraries use <code>eval()</code> internally — check before picking a dependency.</li> <li> <strong><code>window.open()</code></strong> — blocked. Use the MCP Apps bridge for navigation.</li> <li> <strong><code>document.cookie</code></strong> — no cookies in sandboxed iframes.</li> <li> <strong><code>navigator.clipboard</code></strong> — blocked.</li> <li> <strong><code>alert()</code> / <code>confirm()</code> / <code>prompt()</code></strong> — blocked.</li> </ul> <p>If your widget depends on any of these, it will fail silently even if your CSP is perfect.</p> <h2> Platform differences </h2> <p>The MCP Apps spec is standard, but each host implements it differently:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Platform</th> <th>CSP source</th> <th>Widget domain</th> <th>Notes</th> </tr> </thead> <tbody> <tr> <td><strong>ChatGPT</strong></td> <td> <code>_meta.ui.csp</code> + <code>openai/widgetCSP</code> </td> <td><code>{domain}.web-sandbox.oaiusercontent.com</code></td> <td>Requires <code>_meta.ui.domain</code> for published apps</td> </tr> <tr> <td><strong>Claude</strong></td> <td><code>_meta.ui.csp</code></td> <td>SHA-256 of MCP server URL</td> <td>Own sandbox model</td> </tr> <tr> <td><strong>VS Code</strong></td> <td><code>_meta.ui.csp</code></td> <td>Host-controlled</td> <td>Had bugs with <code>resourceDomains</code> mapping in older versions</td> </tr> </tbody> </table></div> <p>If you're building for multiple platforms, test on each. A widget that works on ChatGPT might fail on Claude or VS Code due to these subtle differences.</p> <h2> Skip the debugging entirely </h2> <p>Getting CSP right by hand is tedious. Every time you add a new external dependency — a font, an analytics script, an API endpoint — you need to update <code>_meta.ui.csp</code> and hope you picked the right array.</p> <p><a href="https://github.com/cptrodgers/mcpr" rel="noopener noreferrer"><strong>MCPR</strong></a> is an open-source MCP proxy that handles this for you. It sits between the AI client and your MCP server, reads your <code>_meta.ui.csp</code> declarations, and injects the correct CSP headers automatically — so you declare once and it works across ChatGPT, Claude, and VS Code.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>cargo <span class="nb">install </span>mcpr mcpr <span class="nt">--config</span> mcpr.toml </code></pre> </div> <p>If you don't want to self-host, <a href="https://cloud.mcpr.app" rel="noopener noreferrer"><strong>MCPR Cloud</strong></a> gives you a managed tunnel with a free subdomain. Claim yours at <code>cloud.mcpr.app</code> and start proxying in minutes — CSP handled, auth included, every tool call observable.</p> <ul> <li><a href="https://github.com/cptrodgers/mcpr" rel="noopener noreferrer">Star us on GitHub</a></li> <li><a href="https://dev.to/getting-started/quickstart">Get started with MCPR</a></li> </ul> <p><strong>TL;DR:</strong></p> <ul> <li> <code>connectDomains</code> = <code>fetch()</code>, WebSocket, XHR (runtime connections)</li> <li> <code>resourceDomains</code> = images, fonts, scripts, stylesheets (static assets)</li> <li> <code>frameDomains</code> = nested iframes (use sparingly)</li> <li>Debug with DevTools Console — look for "Refused to" errors</li> <li>Google Fonts needs both <code>fonts.googleapis.com</code> AND <code>fonts.gstatic.com</code> </li> <li>Test on every platform you ship to — they're all slightly different</li> </ul> mcp csp chatgpt