ix-windows: correct sandbox docs (opaque origin, not a network block) #1337
Merged
Blast radius

```mermaid
pie showData title Rebuilt checks by category
    "image" : 15
    "rust" : 2
    "site" : 2
    "agent" : 1
    "blast" : 1
    "eval" : 1
    "lint" : 1
```

```mermaid
flowchart LR
    c0["ix-mcp"]
    c1["blast-radius-test"]
    c2["agent-skills"]
    c3["lint"]
    c4["site-test"]
    c5["site-case-tests"]
    c0 --> k0["agent-skills"]
    c0 --> k2["eval"]
    c0 --> k3["image-development-base"]
    c0 --> k4["image-kernel-dev"]
    c0 --> k5["image-minecraft"]
```

changed checks (23)
What

Follow-up to #1334: correct the `ix-windows` sandbox docs. The merged wording overstated the sandbox as a network block ("external CDN scripts/styles ... are blocked", mermaid "silently fails"). `sandbox="allow-scripts"` (no `allow-same-origin`) creates an opaque origin — that removes same-origin `fetch`, cookies, and storage, but it is not a CSP/network block: absolute HTTPS subresources can still load subject to CORS. What I actually observed failing was an ES-module `import` from a CDN under the opaque origin. Docs now say exactly that, and keep the real guidance: for a reproducible offline pane, inline assets and pre-render libraries (mermaid → SVG).

Matches the same correction made to the `register_resource` docstring in #1335 (flagged by the AI reviewer there).

🤖 Authored with Claude Code (Opus).
Note
Correct sandbox docs to clarify opaque-origin behavior in ix-windows
Updates overview.md and README.md to fix a mis-description of the sandboxed shell: the restriction is opaque-origin (not a network block), meaning same-origin fetch, cookies, and storage are unavailable, but absolute HTTPS subresources may still load subject to CORS. ES-module imports from a CDN may fail. The recommendation is updated from "self-contained HTML only" to "prefer self-contained HTML" with pre-rendered assets (e.g., mermaid rendered to SVG) for reliable offline panes.
Macroscope summarized 85c69a3.
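
As an added example (not part of this PR or the ix-windows code base), the following JavaScript lint flags what a pane's HTML still pulls from the network, which is the check behind the "prefer self-contained HTML" guidance above. The function names, the sample pane, and the `cdn.example` URLs are assumptions made for illustration.

```javascript
// Added example, not ix-windows code: findExternalDeps, sandboxIsOpaque and
// SAMPLE_PANE are hypothetical names; the sample HTML is constructed.
const ABSOLUTE_URL = /^(?:https?:)?\/\//i;

// A sandboxed iframe gets an opaque origin unless allow-same-origin is listed.
function sandboxIsOpaque(sandboxAttr) {
  return !sandboxAttr.toLowerCase().split(/\s+/).includes("allow-same-origin");
}

// List what pane HTML still pulls from the network. Under an opaque origin
// these loads are not blocked, but they depend on connectivity and CORS.
function findExternalDeps(html) {
  const findings = [];
  // src/href attributes that point at an absolute URL.
  const attrRe = /<(script|link|img|iframe)\b[^>]*?\s(?:src|href)\s*=\s*["']([^"']+)["']/gi;
  for (const m of html.matchAll(attrRe)) {
    if (ABSOLUTE_URL.test(m[2])) findings.push({ kind: m[1].toLowerCase() + "-url", url: m[2] });
  }
  // Static and dynamic ES-module imports inside inline <script> bodies,
  // the case the PR author reports failing from a CDN.
  const scriptRe = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  const importRe = /\bimport\b[^"'();]*\(?\s*["']([^"']+)["']/g;
  for (const s of html.matchAll(scriptRe)) {
    for (const m of s[1].matchAll(importRe)) {
      if (ABSOLUTE_URL.test(m[1])) findings.push({ kind: "module-import", url: m[1] });
    }
  }
  return findings;
}

// Constructed sample pane: one CDN stylesheet, one CDN module import,
// plus inline assets that need no network access.
const SAMPLE_PANE = `
<link rel="stylesheet" href="https://cdn.example/style.css">
<script type="module">
  import mermaid from "https://cdn.example/mermaid.esm.min.mjs";
  mermaid.initialize({});
</script>
<svg><!-- pre-rendered diagram, inline --></svg>
<img src="data:image/png;base64,AAAA">
`;

for (const f of findExternalDeps(SAMPLE_PANE)) console.log(f.kind, f.url);
```

An empty result means the pane renders from its own markup alone; any finding is a dependency to inline or pre-render before relying on the pane offline.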