<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
    <channel>
        <title>Why MCP and ChatGPT Apps Use Double Iframes — Frédéric Barthelet, Alpic</title>
        <link>https://video.ut0pia.org/videos/watch/0d993283-8517-4d29-80da-d0fbb08ae715</link>
        <description>Inspect ChatGPT's DOM while an MCP app is rendering and you find an iframe nested inside another iframe. Frédéric Barthelet traces why each simpler approach fails: srcdoc shares the parent origin, so ChatGPT's CSP blocks all third-party scripts; relaxing that CSP lets any app read ChatGPT's localStorage and cookies; adding sandbox removes origin-indexed storage; adding allow-same-origin to restore it is the classic sandbox escape. The double iframe is what remains after ruling all of that out. The outer iframe serves one lightweight script from a controlled subdomain (a different subdomain per app to prevent cross-app storage collisions), which loads the actual app HTML via srcdoc into the inner frame — the same pattern Facebook first shipped for their app marketplace. The practical implication: every external domain your view touches must be declared in your MCP app metadata or the submission gets rejected. Barthelet demos Skybridge's CSP inspector, which diffs declared domains against actual network calls live in dev. Speaker info: https://x.com/bartheletf, https://www.linkedin.com/in/frederic-barthelet/, https://github.com/fredericbarthelet</description>
        <lastBuildDate>Tue, 16 Jun 2026 08:04:52 GMT</lastBuildDate>
        <docs>https://validator.w3.org/feed/docs/rss2.html</docs>
        <generator>PeerTube - https://video.ut0pia.org</generator>
        <image>
            <title>Why MCP and ChatGPT Apps Use Double Iframes — Frédéric Barthelet, Alpic</title>
            <url>https://video.ut0pia.org/lazy-static/avatars/0287a09a-aae7-4840-9843-b416426e7046.webp</url>
            <link>https://video.ut0pia.org/videos/watch/0d993283-8517-4d29-80da-d0fbb08ae715</link>
        </image>
        <copyright>All rights reserved, unless otherwise specified in the terms specified at https://video.ut0pia.org/about and potential licenses granted by each content's rightholder.</copyright>
        <atom:link href="https://video.ut0pia.org/feeds/video-comments.xml?videoId=0d993283-8517-4d29-80da-d0fbb08ae715" rel="self" type="application/rss+xml"/>
    </channel>
</rss>