fix: apply URL filters to resource loading#2225
Open
mturac wants to merge 2 commits into
Open
Conversation
mturac
force-pushed
the
fix/issue-2218-resource-url-patterns
branch
from
fac5343 to
a611c2c
Compare
nattallius
reviewed
Jun 20, 2026
nattallius
left a comment
nattallius
left a comment
Contributor
There was a problem hiding this comment.
Thanks you for contribution! Looks good for me mostly.
Сan you also add validation of both patterns in src/bin/chrome-devtools-mcp-cli-options.ts
blockedUrlPattern: {
type: 'array',
describe:
'Restricts network access by blocking specified URL patterns (uses https://urlpattern.spec.whatwg.org/). Silently detaches from targets with blocked URLs upon connection, and blocks runtime requests (including navigations and subresources). Accepts an array of patterns.',
conflicts: ['allowedUrlPattern'],
coerce: (patterns: unknown[] | undefined) => {
if (!patterns) {
return undefined;
}
for (const pattern of patterns) {
new URLPattern(String(pattern));
}
return patterns.map(String);
},
}
| performanceCrux: boolean; | ||
| // Whether allowlist/blocklist is configured. | ||
| hasNetworkBlockOrAllowlist?: boolean; | ||
| // URL patterns to block for direct resource loads. |
Contributor
There was a problem hiding this comment.
Now as we pass options into context, we don't need to pass hasNetworkBlockOrAllowlist and we can calculate and assign it in the context constructor ourself. Can you please remove it from McpContextOptions
| }); | ||
| }); | ||
|
|
||
| it('http protocol respects the network blocklist', async () => { |
Contributor
There was a problem hiding this comment.
Suggested change
| it('http protocol respects the network blocklist', async () => { | |
| it('should block remote resources matching the blocklist', async () => { |
| ); | ||
| }); | ||
|
|
||
| it('http protocol respects the network allowlist', async () => { |
Contributor
There was a problem hiding this comment.
Suggested change
| it('http protocol respects the network allowlist', async () => { | |
| it('should only load remote resources matching the allowlist', async () => { |
| ); | ||
| }); | ||
|
|
||
| it('http protocol ignores an empty network allowlist', async () => { |
Contributor
There was a problem hiding this comment.
Suggested change
| it('http protocol ignores an empty network allowlist', async () => { | |
| it('should allow all remote resources if the allowlist is empty', async () => { |
| describe: | ||
| 'Restricts network access by allowing only specified URL patterns (uses https://urlpattern.spec.whatwg.org/). Requires Chrome 149+. Silently detaches from targets with unallowed URLs upon connection, and blocks runtime requests (including navigations and subresources). Accepts an array of patterns.', | ||
| conflicts: ['blockedUrlPattern'], | ||
| coerce: (patterns: unknown[] | undefined) => { |
Collaborator
There was a problem hiding this comment.
Let's extract this is a helper function - verifyUrlPatterns
Comment on lines
+134
to
+137
| this.#allowlist = | ||
| options.allowlist && options.allowlist.length > 0 | ||
| ? options.allowlist.map(pattern => new URLPattern(pattern)) | ||
| : undefined; |
Collaborator
There was a problem hiding this comment.
Suggested change
| this.#allowlist = | |
| options.allowlist && options.allowlist.length > 0 | |
| ? options.allowlist.map(pattern => new URLPattern(pattern)) | |
| : undefined; | |
| this.#allowlist = options.allowlist?.map(pattern => new URLPattern(pattern)); |
| #options: McpContextOptions; | ||
| #heapSnapshotManager = new HeapSnapshotManager(); | ||
| #roots: Root[] | undefined = undefined; | ||
| #blocklist: URLPattern[]; |
Collaborator
There was a problem hiding this comment.
We can have the same pattern of
Suggested change
| #blocklist: URLPattern[]; | |
| #blocklist: URLPattern[] | undefined; |
And check for existence in #validateNetworkResource
| } | ||
|
|
||
| #validateNetworkResource(url: URL): void { | ||
| const urlString = url.href; |
Collaborator
There was a problem hiding this comment.
Not needed for this variable we can pass the url directly to the pattern.test
| import {getMockRequest, html, withMcpContext} from './utils.js'; | ||
|
|
||
| describe('McpContext', () => { | ||
| const server = serverHooks(); |
Collaborator
There was a problem hiding this comment.
Let's move this under describe('loadResource', () => {
|
|
||
| it('rejects invalid blocked-url-pattern values', async () => { | ||
| assert.throws(() => | ||
| cliOptions.blockedUrlPattern.coerce(['https://[invalid']), |
Collaborator
There was a problem hiding this comment.
We should not test the function directly but use the parseArguments to validate the parsing. Similar to how it's done for other tests.
mturac
force-pushed
the
fix/issue-2218-resource-url-patterns
branch
from
ace7cb8 to
574cd29
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #2218.
McpContext.loadResource()already validatedfile:resources through workspace roots, but directhttp:/https:resource fetches did not apply the configured URL filters. This threads the existing blocked/allowed URL patterns into the context and checks them before fetching remote resources.Regression coverage uses the local test server to verify blocked URLs are rejected, allowed URLs still load, and an empty allowlist does not accidentally deny all resource loads.
How I tested:
npm run test tests/McpContext.test.tsnpm run test tests/network_blocking.test.tsnpm run check-formatI also tried
npm run test; the build completed, but the full suite failed locally in timing-sensitive unrelated tests (telemetry.test.tswaiting forserver_start, andshutdown.test.tsstdin-EOF shutdown budget).