feat: support proxy for rawHtml #132
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR adds support for proxying raw HTML content (text/html MIME type) through a proxy server, extending the existing proxy functionality that previously only supported external URLs (text/uri-list). The implementation uses a double-iframe architecture where the HTML content is delivered to the proxy via postMessage after the proxy signals readiness, enabling raw HTML to work with restrictive Content Security Policies.
Key changes:
- Extended proxy flow to support raw HTML delivery via postMessage with
contentType=rawhtmlparameter - Added new internal message types for proxy lifecycle communication (
UI_PROXY_IFRAME_READY,UI_HTML_CONTENT) - Updated proxy script to handle both external URLs and raw HTML content with proper sandbox configuration
Reviewed Changes
Copilot reviewed 10 out of 11 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| sdks/typescript/server/src/index.ts | Added new internal message type constant for raw HTML content transport |
| sdks/typescript/client/src/utils/processResource.ts | Modified HTML processing logic to support proxy with postMessage-based content delivery |
| sdks/typescript/client/src/utils/tests/processResource.test.ts | Added comprehensive test coverage for proxy-based raw HTML rendering scenarios |
| sdks/typescript/client/src/components/tests/UIResourceRenderer.unmocked.test.tsx | Added integration test verifying proxy readiness signal and content delivery flow |
| sdks/typescript/client/src/components/tests/ProxyScript.test.ts | Added new test file validating proxy script behavior with raw HTML content |
| sdks/typescript/client/src/components/UIResourceRenderer.tsx | Simplified rawHtml case to pass proxy prop through to HTMLResourceRenderer |
| sdks/typescript/client/src/components/HTMLResourceRenderer.tsx | Implemented proxy readiness handling and HTML content delivery via postMessage |
| sdks/typescript/client/scripts/proxy/index.html | Extended proxy script to handle raw HTML mode with double-iframe architecture and permissive CSP |
| sdks/typescript/client/package.json | Added @types/jsdom dev dependency for proxy script testing |
| docs/src/guide/client/using-a-proxy.md | Updated documentation with raw HTML proxy architecture, flow diagrams, and implementation requirements |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
sdks/typescript/client/src/utils/__tests__/processResource.test.ts
Outdated
Show resolved
Hide resolved
sdks/typescript/client/src/utils/__tests__/processResource.test.ts
Outdated
Show resolved
Hide resolved
sdks/typescript/client/src/utils/__tests__/processResource.test.ts
Outdated
Show resolved
Hide resolved
sdks/typescript/client/src/components/__tests__/ProxyScript.test.ts
Outdated
Show resolved
Hide resolved
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Deploying mcp-ui with
|
| Latest commit: |
0acab70
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://31051951.mcp-ui.pages.dev |
| Branch Preview URL: | https://feat-rawhtml-proxy.mcp-ui.pages.dev |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
github-actions bot
pushed a commit
that referenced
this pull request
Oct 22, 2025
…t/v5.14.0) (2025-10-22) ### Features * support proxy for rawHtml ([#132](#132)) ([1bbeb09](1bbeb09))
infoxicator
reviewed
Oct 23, 2025
Contributor
infoxicator
left a comment
infoxicator
left a comment
There was a problem hiding this comment.
@idosal Are you thinking about adding support for proxy to the remoteDom iframe as well?
github-actions bot
pushed a commit
that referenced
this pull request
Nov 4, 2025
# 1.0.0 (2025-11-04) ### Bug Fixes * add a bridge to pass messages in and out of the proxy ([#38](#38)) ([30ccac0](30ccac0)) * bump client version ([75c9236](75c9236)) * **client:** specify iframe ([fd0b70a](fd0b70a)) * **client:** styling ([6ff9b68](6ff9b68)) * dependencies ([887f61f](887f61f)) * Enable bidirectional message relay in rawhtml proxy mode ([#138](#138)) ([f0bdefb](f0bdefb)) * ensure Apps SDK adapter is bundled properly and initialized wth config ([#137](#137)) ([4f7c25c](4f7c25c)) * export RemoteDomResource ([2b86f2d](2b86f2d)) * export ResourceRenderer and HtmlResource ([2b841a5](2b841a5)) * exports ([3a93a16](3a93a16)) * fix file extension reference in package.json ([927989c](927989c)) * iframe handle ([#15](#15)) ([66bd4fd](66bd4fd)) * lint ([4487820](4487820)) * lint ([d0a91f9](d0a91f9)) * minor typo ([a0bee9c](a0bee9c)) * move react dependencies to be peer dependencies ([#91](#91)) ([f672f3e](f672f3e)), closes [#90](#90) * package config ([8dc1e53](8dc1e53)) * packaging ([9e6babd](9e6babd)) * pass ref explicitly using iframeProps ([#33](#33)) ([d01b5d1](d01b5d1)) * publish ([0943e7a](0943e7a)) * ref passing to UIResourceRenderer ([#32](#32)) ([d28c23f](d28c23f)) * remove shared dependency ([e66e8f4](e66e8f4)) * rename components and methods to fit new scope ([#22](#22)) ([6bab1fe](6bab1fe)) * rename delivery -> encoding and flavor -> framework ([#36](#36)) ([9a509ed](9a509ed)) * Ruby comment ([b22dc2e](b22dc2e)) * support react-router ([21ffb95](21ffb95)) * text and blob support in RemoteDOM resources ([ec68eb9](ec68eb9)) * trigger release ([aaca831](aaca831)) * typescript ci publish ([e7c0ebf](e7c0ebf)) * typescript types to be compatible with MCP SDK ([#10](#10)) ([74365d7](74365d7)) * update deps ([4091ef4](4091ef4)) * update isUIResource to use EmbeddedResource type ([#122](#122)) ([5a65a0b](5a65a0b)), closes [#117](#117) * use targetOrigin in the proxy message relay ([#40](#40)) ([b3fb54e](b3fb54e)) * validate URL ([b7c994d](b7c994d)) * wc dist overwrite ([#63](#63)) ([9e46c56](9e46c56)) ### Documentation * bump ([#4](#4)) ([ad4d163](ad4d163)) ### Features * add convenience function isUIResource to client SDK ([#86](#86)) ([607c6ad](607c6ad)) * add embeddedResourceProps for annotations ([#99](#99)) ([b96ec44](b96ec44)) * add proxy option to externalUrl ([#37](#37)) ([7b95cd0](7b95cd0)) * add remote-dom content type ([#18](#18)) ([5dacf37](5dacf37)) * add Ruby server SDK ([#31](#31)) ([5ffcde4](5ffcde4)) * add sandbox permissions instead of an override ([#83](#83)) ([b1068e9](b1068e9)) * add ui-request-render-data message type ([#111](#111)) ([26135ce](26135ce)) * add UIResourceRenderer Web Component ([#58](#58)) ([ec8f299](ec8f299)) * auto resize with the autoResizeIframe prop ([#56](#56)) ([76c867a](76c867a)) * change onGenericMcpAction to optional onUiAction ([1913b59](1913b59)) * **client:** allow setting supportedContentTypes for HtmlResource ([#17](#17)) ([e009ef1](e009ef1)) * consolidate ui:// and ui-app:// ([#8](#8)) ([2e08035](2e08035)) * pass iframe props down ([#14](#14)) ([112539d](112539d)) * refactor UTFtoB64 (bump server version) ([#95](#95)) ([2d5e16b](2d5e16b)) * send render data to the iframe ([#51](#51)) ([d38cfc7](d38cfc7)) * separate html and remote-dom props ([#24](#24)) ([a7f0529](a7f0529)) * support adapters ([#127](#127)) ([d4bd152](d4bd152)) * support generic messages response ([#35](#35)) ([10b407b](10b407b)) * support metadata in Python SDK ([#134](#134)) ([9bc3c64](9bc3c64)) * support passing resource metadata ([#87](#87)) ([f1c1c9b](f1c1c9b)) * support proxy for rawHtml ([#132](#132)) ([1bbeb09](1bbeb09)) * support ui action result types ([#6](#6)) ([899d152](899d152)) * switch to ResourceRenderer ([#21](#21)) ([6fe3166](6fe3166)) ### BREAKING CHANGES * The existing naming is ambiguous. Renaming delivery to encoding and flavor to framework should clarify the intent. * exported names have changed * removed deprecated client API * (previous one didn't take due to semantic-release misalignment)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When the
proxyprop is passed to the<UIResourceRenderer>,rawHtmlresources will be rendered inside a nested iframe. This opens the path to define a custom CSP for resources that is detached from the host's CSP.