MCP CSP domains sanitized against injection
@ai-sdk/react@4.0.29
1 fixThis release1 fixBug fixesAI-tallied from the release notes
Patch Changes
- 519c72b: fix (react/mcp-apps): sanitize server-supplied CSP domains in
getMCPAppCSPso values cannot inject extra directives, sources, or policies into the generated Content-Security-Policy
Fetched July 14, 2026


