CSP Allow-list Experiment

· Source: Simon Willison's Weblog · Field: Technology & Digital — Software Development & Engineering, Cybersecurity & Data Privacy · Depth: Intermediate, quick

Summary

The "CSP Allow-list Experiment" is a web tool demonstrating a method for growing a Content Security Policy (CSP) `connect-src` allow-list on demand for an application running in a sandboxed iframe. The iframe cannot loosen its own policy, so the approach splits the work: the embedded app detects a network request the CSP has blocked and reports the blocked origin to its parent window. The parent, which owns the allow-list, prompts the user to approve the origin. Upon user approval, the page refreshes with a `connect-src` that now includes that origin, so the previously blocked request succeeds. The tool was developed using GPT-5.5 xhigh within the Codex desktop application.

Key takeaway

For web developers building applications within strict CSP environments, particularly those using sandboxed iframes, consider implementing a dynamic allow-listing mechanism. The policy can start fully closed and admit legitimate external API calls one origin at a time, without a pre-configured, overly permissive `connect-src`. The user prompt is the trust boundary in this design: the embedded app can ask for any origin, so the parent must validate the message it receives (its source frame and sender origin, and that the payload is a well-formed origin) before asking the user, and must treat a denial as final for that request.

Key insights

A strict `connect-src` policy can start closed and grow only through explicit user approval, which keeps the per-origin decision with the user and the parent page rather than in a pre-configured wildcard, while still letting the embedded app reach the APIs it legitimately needs.

Principles

Method

An app in a sandboxed iframe wraps `fetch()` so that a request the CSP blocks is caught instead of failing silently; the blocked request's origin is passed to the parent window (via `postMessage()`, the only channel a sandboxed frame has to its embedder), and the parent prompts the user, adds the approved origin to its allow-list, and refreshes the page with the extended `connect-src` so the request can be retried.
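The two halves of that protocol, as an added example written for this page rather than the experiment's own code. The function names, the message shape (`{ type: 'csp-blocked', origin }`), the baseline policy, the use of `localStorage` and a reload to apply approvals, and the `"null"` sender origin (what a sandbox without `allow-same-origin` reports) are all assumptions. The browser wiring at the bottom is inert outside a browser, so the decision logic can be exercised in Node.

```javascript
// Added example (not the experiment's own code): the child/parent protocol
// behind a user-approved CSP connect-src allow-list. Names, message shape and
// the baseline policy are assumptions made for this example.

// ---- Child side: runs inside the sandboxed iframe ----------------------

// Resolve a request target to its origin, which is the unit CSP allow-lists.
function originOf(url, base) {
  return new URL(url, base).origin;
}

// Wrap a fetch implementation so a failed request reports its target origin
// via `report` (postMessage in the browser) and then rethrows. A CSP
// connect-src block surfaces as a rejected promise carrying a TypeError,
// exactly like a DNS or CORS failure, so the child cannot tell them apart
// and must not decide anything itself: it only reports, the parent decides.
function makeGuardedFetch(baseFetch, report, base) {
  return async function guardedFetch(input, init) {
    const url = typeof input === 'string' ? input : input.url;
    try {
      return await baseFetch(input, init);
    } catch (err) {
      if (err instanceof TypeError) {
        report({ type: 'csp-blocked', origin: originOf(url, base) });
      }
      throw err;
    }
  };
}

// ---- Parent side: owns the allow-list and the policy -------------------

// Only absolute https origins may be added: never a scheme wildcard, a path,
// or a bare host that the browser would not treat as an origin.
const HTTPS_ORIGIN = /^https:\/\/[a-z0-9.-]+(?::\d{1,5})?$/i;

// Build the policy the iframe will be reloaded with. Everything except
// connect-src stays locked down (assumed baseline, not the experiment's).
function buildCsp(allowList) {
  const connect = ["'self'", ...allowList].join(' ');
  return `default-src 'none'; script-src 'self'; style-src 'self'; connect-src ${connect}`;
}

// Handle one message from the iframe. `state.expectedSource` is the frame's
// contentWindow and `state.expectedOrigin` is "null" for a sandbox without
// allow-same-origin (opaque origin). `confirmFn` is the user prompt; it is
// the only thing standing between the embedded app and an arbitrary origin.
function handleChildMessage(msg, state, confirmFn) {
  if (msg.source !== state.expectedSource) {
    return { action: 'ignored', reason: 'unexpected source' };
  }
  if (msg.origin !== state.expectedOrigin) {
    return { action: 'ignored', reason: 'unexpected sender origin' };
  }
  const data = msg.data;
  if (!data || data.type !== 'csp-blocked' || typeof data.origin !== 'string') {
    return { action: 'ignored', reason: 'malformed message' };
  }
  if (!HTTPS_ORIGIN.test(data.origin)) {
    return { action: 'rejected', reason: 'not an https origin' };
  }
  if (state.allowList.has(data.origin)) {
    return { action: 'already-allowed' };
  }
  if (!confirmFn(`Allow the embedded app to contact ${data.origin}?`)) {
    return { action: 'denied' };
  }
  state.allowList.add(data.origin);
  return { action: 'allowed', csp: buildCsp([...state.allowList]) };
}

// ---- Browser wiring (no-op under Node) ---------------------------------
if (typeof window !== 'undefined') {
  if (window.parent !== window) {
    // Child: replace fetch. Target '*' because an opaque-origin frame is
    // posting to an embedder whose origin it is not told here (assumption);
    // the parent, not the child, does the validation.
    window.fetch = makeGuardedFetch(window.fetch.bind(window),
      (m) => window.parent.postMessage(m, '*'), window.location.href);
  } else {
    // Parent: persist approvals and reload so the stored allow-list can be
    // turned into the iframe's policy on the next load (how it is applied,
    // e.g. a <meta http-equiv="Content-Security-Policy"> in a srcdoc, is
    // assumed and not shown).
    const state = {
      allowList: new Set(JSON.parse(localStorage.getItem('cspAllowList') || '[]')),
      expectedSource: document.querySelector('iframe')?.contentWindow,
      expectedOrigin: 'null',
    };
    window.addEventListener('message', (ev) => {
      const result = handleChildMessage(ev, state, window.confirm);
      if (result.action === 'allowed') {
        localStorage.setItem('cspAllowList', JSON.stringify([...state.allowList]));
        window.location.reload();
      }
    });
  }
}
```

Two design points worth keeping if you adapt this. First, the child reports on any `TypeError` from `fetch()`, because a CSP block, a DNS failure and a CORS failure all reject the same way; the parent's prompt, not the child, is where the decision is made, and a denied origin simply stays blocked. Second, the parent checks the message's `source` and `origin` before looking at its payload, and accepts only a syntactically valid https origin, so a compromised or malicious embedded app cannot push anything other than a concrete origin into the prompt.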

Topics

Best for: Software Engineer, AI Engineer, AI Security Engineer

Editorial summary, takeaway, and curation by AIssential. Original article published by Simon Willison's Weblog.