McpServer.Resource.Meta.UI.CSP (HTTP MCP Server v0.8.0)

Content Security Policy configuration for UI resources.

Declares which external domains are allowed for various resource types in sandboxed iframes. These fields map to CSP directives:

Field	CSP Directive
`connect_domains`	`connect-src` (API calls, WebSockets)
`resource_domains`	`script-src`, `style-src`, `img-src`, `media-src`, `font-src`
`frame_domains`	`frame-src`
`base_uri_domains`	`base-uri`

Examples

iex> McpServer.Resource.Meta.UI.CSP.new(
...>   connect_domains: ["api.weather.com"],
...>   resource_domains: ["cdn.weather.com"]
...> )
%McpServer.Resource.Meta.UI.CSP{
  connect_domains: ["api.weather.com"],
  resource_domains: ["cdn.weather.com"]
}

Summary

Types

t()

Functions

new(opts \\ [])

Creates a new CSP struct.

Types

t()

@type t() :: %McpServer.Resource.Meta.UI.CSP{
  base_uri_domains: [String.t()],
  connect_domains: [String.t()],
  frame_domains: [String.t()],
  resource_domains: [String.t()]
}

Functions

new(opts \\ [])

@spec new(keyword()) :: t()

Creates a new CSP struct.

Parameters

opts - Keyword list of options:
- :connect_domains - Domains for network requests (default: [])
- :resource_domains - Domains for static resources (default: [])
- :frame_domains - Domains for nested iframes (default: [])
- :base_uri_domains - Base URI allowlist (default: [])