[Feature Request] Auto-allowlist MCP server domains for code execution network egress

Open 💬 0 comments Opened Jun 24, 2026 by lukepuplett

Improvement for Claude Desktop and other Claude MCP clients

Feedback: Auto-allowlist MCP server domains for code execution network egress

When a user connects an MCP server, its host domain should automatically be added to the egress allowlist for code execution (curl/bash). Currently, if an MCP tool returns a signed upload URL pointing back to its own domain, the subsequent curl call is blocked — even though the user has already explicitly trusted that server by connecting it.

In practice this means file upload workflows that are deliberately designed to work via Claude (mint a signed URL → upload the file) silently fail at the last step, with no way for the user to unblock it in the claude.ai web interface.

Suggested behaviour: When an MCP server is connected, its origin domain is implicitly trusted for outbound network calls in the code execution sandbox — consistent with the trust already granted by connecting the MCP itself.

---

This is downstream of no MCP binary upload solution. I make a signed URL and pass it back via MCP with instructions and the LLM then runs a curl command against the URL to post the file to. But this hits the allowlist system. If the MCP server's hostname was auto whitelisted, it would work, I think.

View original on GitHub ↗