fix: use targetOrigin in the proxy message relay#40
Merged
Conversation
Contributor
There was a problem hiding this comment.
Pull Request Overview
This pull request improves security in the proxy message relay by implementing specific target origins in postMessage calls instead of using the wildcard * whenever possible. The change follows security best practices by restricting message destinations to known origins.
Key changes:
- Updated the proxy message handling to use the target URL's origin when posting messages to the iframe
- Reorganized the message event handling logic for better clarity
- Updated documentation to reflect the security improvement and explain the rationale
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| packages/client/scripts/proxy/index.html | Implements targetOrigin security improvement and reorganizes message handling logic |
| docs/src/guide/client/using-a-proxy.md | Updates documentation to explain the importance of using specific targetOrigin values |
Comments suppressed due to low confidence (1)
packages/client/scripts/proxy/index.html:38
- [nitpick] The variable name 'e' is not descriptive. Consider using '' or 'error' if the caught exception will be used, or keep '' if it's intentionally ignored.
} catch (e) {
Deploying mcp-ui with
|
| Latest commit: |
5a72c78
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://e6256562.mcp-ui.pages.dev |
| Branch Preview URL: | https://fix-proxy-messages.mcp-ui.pages.dev |
liady
approved these changes
Jul 18, 2025
github-actions bot
pushed a commit
that referenced
this pull request
Jul 18, 2025
## [5.1.2](v5.1.1...v5.1.2) (2025-07-18) ### Bug Fixes * use targetOrigin in the proxy message relay ([#40](#40)) ([b3fb54e](b3fb54e))
github-actions bot
pushed a commit
that referenced
this pull request
Jul 19, 2025
# 1.0.0 (2025-07-19) ### Bug Fixes * add a bridge to pass messages in and out of the proxy ([#38](#38)) ([30ccac0](30ccac0)) * **client:** specify iframe ([fd0b70a](fd0b70a)) * **client:** styling ([6ff9b68](6ff9b68)) * dependencies ([887f61f](887f61f)) * export RemoteDomResource ([2b86f2d](2b86f2d)) * export ResourceRenderer and HtmlResource ([2b841a5](2b841a5)) * exports ([3a93a16](3a93a16)) * iframe handle ([#15](#15)) ([66bd4fd](66bd4fd)) * lint ([4487820](4487820)) * lint ([d0a91f9](d0a91f9)) * package config ([8dc1e53](8dc1e53)) * packaging ([9e6babd](9e6babd)) * pass ref explicitly using iframeProps ([#33](#33)) ([d01b5d1](d01b5d1)) * publish ([0943e7a](0943e7a)) * ref passing to UIResourceRenderer ([#32](#32)) ([d28c23f](d28c23f)) * remove shared dependency ([e66e8f4](e66e8f4)) * rename components and methods to fit new scope ([#22](#22)) ([6bab1fe](6bab1fe)) * rename delivery -> encoding and flavor -> framework ([#36](#36)) ([9a509ed](9a509ed)) * support react-router ([21ffb95](21ffb95)) * text and blob support in RemoteDOM resources ([ec68eb9](ec68eb9)) * trigger release ([aaca831](aaca831)) * typescript types to be compatible with MCP SDK ([#10](#10)) ([74365d7](74365d7)) * update deps ([4091ef4](4091ef4)) * use targetOrigin in the proxy message relay ([#40](#40)) ([b3fb54e](b3fb54e)) * validate URL ([b7c994d](b7c994d)) ### Documentation * bump ([#4](#4)) ([ad4d163](ad4d163)) ### Features * add proxy option to externalUrl ([#37](#37)) ([7b95cd0](7b95cd0)) * add remote-dom content type ([#18](#18)) ([5dacf37](5dacf37)) * add Ruby server SDK ([#31](#31)) ([5ffcde4](5ffcde4)) * change onGenericMcpAction to optional onUiAction ([1913b59](1913b59)) * **client:** allow setting supportedContentTypes for HtmlResource ([#17](#17)) ([e009ef1](e009ef1)) * consolidate ui:// and ui-app:// ([#8](#8)) ([2e08035](2e08035)) * pass iframe props down ([#14](#14)) ([112539d](112539d)) * separate html and remote-dom props ([#24](#24)) ([a7f0529](a7f0529)) * support generic messages response ([#35](#35)) ([10b407b](10b407b)) * support ui action result types ([#6](#6)) ([899d152](899d152)) * switch to ResourceRenderer ([#21](#21)) ([6fe3166](6fe3166)) ### BREAKING CHANGES * The existing naming is ambiguous. Renaming delivery to encoding and flavor to framework should clarify the intent. * exported names have changed * removed deprecated client API * (previous one didn't take due to semantic-release misalignment)
github-actions bot
pushed a commit
that referenced
this pull request
Oct 10, 2025
# 1.0.0-alpha.1 (2025-10-10) ### Bug Fixes * adapter version ([259c842](259c842)) * add a bridge to pass messages in and out of the proxy ([#38](#38)) ([30ccac0](30ccac0)) * bump client version ([75c9236](75c9236)) * **client:** specify iframe ([fd0b70a](fd0b70a)) * **client:** styling ([6ff9b68](6ff9b68)) * dependencies ([887f61f](887f61f)) * export RemoteDomResource ([2b86f2d](2b86f2d)) * export ResourceRenderer and HtmlResource ([2b841a5](2b841a5)) * exports ([3a93a16](3a93a16)) * iframe handle ([#15](#15)) ([66bd4fd](66bd4fd)) * lint ([4487820](4487820)) * lint ([d0a91f9](d0a91f9)) * minor typo ([a0bee9c](a0bee9c)) * move react dependencies to be peer dependencies ([#91](#91)) ([f672f3e](f672f3e)), closes [#90](#90) * package config ([8dc1e53](8dc1e53)) * packaging ([9e6babd](9e6babd)) * pass ref explicitly using iframeProps ([#33](#33)) ([d01b5d1](d01b5d1)) * publish ([0943e7a](0943e7a)) * ref passing to UIResourceRenderer ([#32](#32)) ([d28c23f](d28c23f)) * release ([420efc0](420efc0)) * remove shared dependency ([e66e8f4](e66e8f4)) * rename components and methods to fit new scope ([#22](#22)) ([6bab1fe](6bab1fe)) * rename delivery -> encoding and flavor -> framework ([#36](#36)) ([9a509ed](9a509ed)) * Ruby comment ([b22dc2e](b22dc2e)) * support react-router ([21ffb95](21ffb95)) * text and blob support in RemoteDOM resources ([ec68eb9](ec68eb9)) * trigger release ([aaca831](aaca831)) * typescript ci publish ([e7c0ebf](e7c0ebf)) * typescript types to be compatible with MCP SDK ([#10](#10)) ([74365d7](74365d7)) * update deps ([4091ef4](4091ef4)) * update isUIResource to use EmbeddedResource type ([#122](#122)) ([5a65a0b](5a65a0b)), closes [#117](#117) * use targetOrigin in the proxy message relay ([#40](#40)) ([b3fb54e](b3fb54e)) * validate URL ([b7c994d](b7c994d)) * wc dist overwrite ([#63](#63)) ([9e46c56](9e46c56)) ### Documentation * bump ([#4](#4)) ([ad4d163](ad4d163)) ### Features * add adapters infra (appssdk) ([#125](#125)) ([2e016cd](2e016cd)) * add convenience function isUIResource to client SDK ([#86](#86)) ([607c6ad](607c6ad)) * add embeddedResourceProps for annotations ([#99](#99)) ([b96ec44](b96ec44)) * add proxy option to externalUrl ([#37](#37)) ([7b95cd0](7b95cd0)) * add remote-dom content type ([#18](#18)) ([5dacf37](5dacf37)) * add Ruby server SDK ([#31](#31)) ([5ffcde4](5ffcde4)) * add sandbox permissions instead of an override ([#83](#83)) ([b1068e9](b1068e9)) * add ui-request-render-data message type ([#111](#111)) ([26135ce](26135ce)) * add UIResourceRenderer Web Component ([#58](#58)) ([ec8f299](ec8f299)) * auto resize with the autoResizeIframe prop ([#56](#56)) ([76c867a](76c867a)) * change onGenericMcpAction to optional onUiAction ([1913b59](1913b59)) * **client:** allow setting supportedContentTypes for HtmlResource ([#17](#17)) ([e009ef1](e009ef1)) * consolidate ui:// and ui-app:// ([#8](#8)) ([2e08035](2e08035)) * pass iframe props down ([#14](#14)) ([112539d](112539d)) * refactor UTFtoB64 (bump server version) ([#95](#95)) ([2d5e16b](2d5e16b)) * send render data to the iframe ([#51](#51)) ([d38cfc7](d38cfc7)) * separate html and remote-dom props ([#24](#24)) ([a7f0529](a7f0529)) * support generic messages response ([#35](#35)) ([10b407b](10b407b)) * support passing resource metadata ([#87](#87)) ([f1c1c9b](f1c1c9b)) * support ui action result types ([#6](#6)) ([899d152](899d152)) * switch to ResourceRenderer ([#21](#21)) ([6fe3166](6fe3166)) ### BREAKING CHANGES * The existing naming is ambiguous. Renaming delivery to encoding and flavor to framework should clarify the intent. * exported names have changed * removed deprecated client API * (previous one didn't take due to semantic-release misalignment)
github-actions bot
pushed a commit
that referenced
this pull request
Oct 10, 2025
# 1.0.0-alpha.1 (2025-10-10) ### Bug Fixes * adapter version ([259c842](259c842)) * add a bridge to pass messages in and out of the proxy ([#38](#38)) ([30ccac0](30ccac0)) * bump client version ([75c9236](75c9236)) * **client:** specify iframe ([fd0b70a](fd0b70a)) * **client:** styling ([6ff9b68](6ff9b68)) * dependencies ([887f61f](887f61f)) * export RemoteDomResource ([2b86f2d](2b86f2d)) * export ResourceRenderer and HtmlResource ([2b841a5](2b841a5)) * exports ([3a93a16](3a93a16)) * iframe handle ([#15](#15)) ([66bd4fd](66bd4fd)) * lint ([4487820](4487820)) * lint ([d0a91f9](d0a91f9)) * minor typo ([a0bee9c](a0bee9c)) * move react dependencies to be peer dependencies ([#91](#91)) ([f672f3e](f672f3e)), closes [#90](#90) * package config ([8dc1e53](8dc1e53)) * packaging ([9e6babd](9e6babd)) * pass ref explicitly using iframeProps ([#33](#33)) ([d01b5d1](d01b5d1)) * publish ([0943e7a](0943e7a)) * ref passing to UIResourceRenderer ([#32](#32)) ([d28c23f](d28c23f)) * release ([420efc0](420efc0)) * remove shared dependency ([e66e8f4](e66e8f4)) * rename components and methods to fit new scope ([#22](#22)) ([6bab1fe](6bab1fe)) * rename delivery -> encoding and flavor -> framework ([#36](#36)) ([9a509ed](9a509ed)) * Ruby comment ([b22dc2e](b22dc2e)) * server versioning ([2324371](2324371)) * support react-router ([21ffb95](21ffb95)) * text and blob support in RemoteDOM resources ([ec68eb9](ec68eb9)) * trigger release ([aaca831](aaca831)) * typescript ci publish ([e7c0ebf](e7c0ebf)) * typescript types to be compatible with MCP SDK ([#10](#10)) ([74365d7](74365d7)) * update deps ([4091ef4](4091ef4)) * update isUIResource to use EmbeddedResource type ([#122](#122)) ([5a65a0b](5a65a0b)), closes [#117](#117) * use targetOrigin in the proxy message relay ([#40](#40)) ([b3fb54e](b3fb54e)) * validate URL ([b7c994d](b7c994d)) * wc dist overwrite ([#63](#63)) ([9e46c56](9e46c56)) ### Documentation * bump ([#4](#4)) ([ad4d163](ad4d163)) ### Features * add adapters infra (appssdk) ([#125](#125)) ([2e016cd](2e016cd)) * add convenience function isUIResource to client SDK ([#86](#86)) ([607c6ad](607c6ad)) * add embeddedResourceProps for annotations ([#99](#99)) ([b96ec44](b96ec44)) * add proxy option to externalUrl ([#37](#37)) ([7b95cd0](7b95cd0)) * add remote-dom content type ([#18](#18)) ([5dacf37](5dacf37)) * add Ruby server SDK ([#31](#31)) ([5ffcde4](5ffcde4)) * add sandbox permissions instead of an override ([#83](#83)) ([b1068e9](b1068e9)) * add ui-request-render-data message type ([#111](#111)) ([26135ce](26135ce)) * add UIResourceRenderer Web Component ([#58](#58)) ([ec8f299](ec8f299)) * auto resize with the autoResizeIframe prop ([#56](#56)) ([76c867a](76c867a)) * change onGenericMcpAction to optional onUiAction ([1913b59](1913b59)) * **client:** allow setting supportedContentTypes for HtmlResource ([#17](#17)) ([e009ef1](e009ef1)) * consolidate ui:// and ui-app:// ([#8](#8)) ([2e08035](2e08035)) * pass iframe props down ([#14](#14)) ([112539d](112539d)) * refactor UTFtoB64 (bump server version) ([#95](#95)) ([2d5e16b](2d5e16b)) * send render data to the iframe ([#51](#51)) ([d38cfc7](d38cfc7)) * separate html and remote-dom props ([#24](#24)) ([a7f0529](a7f0529)) * support generic messages response ([#35](#35)) ([10b407b](10b407b)) * support passing resource metadata ([#87](#87)) ([f1c1c9b](f1c1c9b)) * support ui action result types ([#6](#6)) ([899d152](899d152)) * switch to ResourceRenderer ([#21](#21)) ([6fe3166](6fe3166)) ### BREAKING CHANGES * The existing naming is ambiguous. Renaming delivery to encoding and flavor to framework should clarify the intent. * exported names have changed * removed deprecated client API * (previous one didn't take due to semantic-release misalignment)
github-actions bot
pushed a commit
that referenced
this pull request
Nov 4, 2025
# 1.0.0 (2025-11-04) ### Bug Fixes * add a bridge to pass messages in and out of the proxy ([#38](#38)) ([30ccac0](30ccac0)) * bump client version ([75c9236](75c9236)) * **client:** specify iframe ([fd0b70a](fd0b70a)) * **client:** styling ([6ff9b68](6ff9b68)) * dependencies ([887f61f](887f61f)) * Enable bidirectional message relay in rawhtml proxy mode ([#138](#138)) ([f0bdefb](f0bdefb)) * ensure Apps SDK adapter is bundled properly and initialized wth config ([#137](#137)) ([4f7c25c](4f7c25c)) * export RemoteDomResource ([2b86f2d](2b86f2d)) * export ResourceRenderer and HtmlResource ([2b841a5](2b841a5)) * exports ([3a93a16](3a93a16)) * fix file extension reference in package.json ([927989c](927989c)) * iframe handle ([#15](#15)) ([66bd4fd](66bd4fd)) * lint ([4487820](4487820)) * lint ([d0a91f9](d0a91f9)) * minor typo ([a0bee9c](a0bee9c)) * move react dependencies to be peer dependencies ([#91](#91)) ([f672f3e](f672f3e)), closes [#90](#90) * package config ([8dc1e53](8dc1e53)) * packaging ([9e6babd](9e6babd)) * pass ref explicitly using iframeProps ([#33](#33)) ([d01b5d1](d01b5d1)) * publish ([0943e7a](0943e7a)) * ref passing to UIResourceRenderer ([#32](#32)) ([d28c23f](d28c23f)) * remove shared dependency ([e66e8f4](e66e8f4)) * rename components and methods to fit new scope ([#22](#22)) ([6bab1fe](6bab1fe)) * rename delivery -> encoding and flavor -> framework ([#36](#36)) ([9a509ed](9a509ed)) * Ruby comment ([b22dc2e](b22dc2e)) * support react-router ([21ffb95](21ffb95)) * text and blob support in RemoteDOM resources ([ec68eb9](ec68eb9)) * trigger release ([aaca831](aaca831)) * typescript ci publish ([e7c0ebf](e7c0ebf)) * typescript types to be compatible with MCP SDK ([#10](#10)) ([74365d7](74365d7)) * update deps ([4091ef4](4091ef4)) * update isUIResource to use EmbeddedResource type ([#122](#122)) ([5a65a0b](5a65a0b)), closes [#117](#117) * use targetOrigin in the proxy message relay ([#40](#40)) ([b3fb54e](b3fb54e)) * validate URL ([b7c994d](b7c994d)) * wc dist overwrite ([#63](#63)) ([9e46c56](9e46c56)) ### Documentation * bump ([#4](#4)) ([ad4d163](ad4d163)) ### Features * add convenience function isUIResource to client SDK ([#86](#86)) ([607c6ad](607c6ad)) * add embeddedResourceProps for annotations ([#99](#99)) ([b96ec44](b96ec44)) * add proxy option to externalUrl ([#37](#37)) ([7b95cd0](7b95cd0)) * add remote-dom content type ([#18](#18)) ([5dacf37](5dacf37)) * add Ruby server SDK ([#31](#31)) ([5ffcde4](5ffcde4)) * add sandbox permissions instead of an override ([#83](#83)) ([b1068e9](b1068e9)) * add ui-request-render-data message type ([#111](#111)) ([26135ce](26135ce)) * add UIResourceRenderer Web Component ([#58](#58)) ([ec8f299](ec8f299)) * auto resize with the autoResizeIframe prop ([#56](#56)) ([76c867a](76c867a)) * change onGenericMcpAction to optional onUiAction ([1913b59](1913b59)) * **client:** allow setting supportedContentTypes for HtmlResource ([#17](#17)) ([e009ef1](e009ef1)) * consolidate ui:// and ui-app:// ([#8](#8)) ([2e08035](2e08035)) * pass iframe props down ([#14](#14)) ([112539d](112539d)) * refactor UTFtoB64 (bump server version) ([#95](#95)) ([2d5e16b](2d5e16b)) * send render data to the iframe ([#51](#51)) ([d38cfc7](d38cfc7)) * separate html and remote-dom props ([#24](#24)) ([a7f0529](a7f0529)) * support adapters ([#127](#127)) ([d4bd152](d4bd152)) * support generic messages response ([#35](#35)) ([10b407b](10b407b)) * support metadata in Python SDK ([#134](#134)) ([9bc3c64](9bc3c64)) * support passing resource metadata ([#87](#87)) ([f1c1c9b](f1c1c9b)) * support proxy for rawHtml ([#132](#132)) ([1bbeb09](1bbeb09)) * support ui action result types ([#6](#6)) ([899d152](899d152)) * switch to ResourceRenderer ([#21](#21)) ([6fe3166](6fe3166)) ### BREAKING CHANGES * The existing naming is ambiguous. Renaming delivery to encoding and flavor to framework should clarify the intent. * exported names have changed * removed deprecated client API * (previous one didn't take due to semantic-release misalignment)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Improve security by specifying the origin instead of
*(whenever possible)