releases.shpreview

MCP App resource validation hardened; iframe permissions deny-by-default

@ai-sdk/react@4.0.31

July 15, 2026AI SDKView original ↗
1 feature1 fixThis release1 featureNew capabilities1 fixBug fixesAI-tallied from the release notes
From the original release noteView original ↗

Patch Changes

  • 48e7e78: Harden MCP Apps handling of server-supplied resource metadata and the host/iframe bridge:

    • Runtime-validate _meta.ui and drop malformed or non-string fields.
    • Gate iframe permissions deny-by-default via a new sandbox.allowedPermissions allowlist.
    • Derive a concrete postMessage target origin and validate inbound message origins.
    • Validate inbound bridge params: limit resources/read to ui:// resources and allow only https/http/mailto in ui/open-link.
    • Add fingerprintMCPAppResource / detectMCPAppResourceDrift for pinning and comparing app resources.
  • Updated dependencies [48e7e78]

    • @ai-sdk/mcp@2.0.14

Fetched July 15, 2026

MCP App resource validation hardened; iframe permissions… — releases.sh