[Feature Request] Auto-allowlist MCP server domains for code execution network egress
Improvement for Claude Desktop and other Claude MCP clients
Feedback: Auto-allowlist MCP server domains for code execution network egress
When a user connects an MCP server, its host domain should automatically be added to the egress allowlist for code execution (curl/bash). Currently, if an MCP tool returns a signed upload URL pointing back to its own domain, the subsequent curl call is blocked — even though the user has already explicitly trusted that server by connecting it.
In practice this means file upload workflows that are deliberately designed to work via Claude (mint a signed URL → upload the file) silently fail at the last step, with no way for the user to unblock it in the claude.ai web interface.
Suggested behaviour: When an MCP server is connected, its origin domain is implicitly trusted for outbound network calls in the code execution sandbox — consistent with the trust already granted by connecting the MCP itself.
---
This is downstream of no MCP binary upload solution. I make a signed URL and pass it back via MCP with instructions and the LLM then runs a curl command against the URL to post the file to. But this hits the allowlist system. If the MCP server's hostname was auto whitelisted, it would work, I think.