
Feature Request: Support Allowed Origins & Blocked Origins list options

Open sakupi01 opened this issue 3 months ago • 2 comments

Is your feature request related to a problem? Please describe.

When adopting browser automation MCPs in a corporate environment, considering security is especially crucial. Any possibility of automatic/unintentional access to unknown/malicious content can be a reason for preventing adoption. Playwright MCP, for example, has --allowed-origins & --blocked-origins to filter in/out which contents the MCP is allowed to access. This gives us more certainty on which content the tool will access, and this can bring a good reason to use the browser automation tool corporate-wide. For example, we can restrict access except to localhost.

Describe the solution you'd like

Like Playwright MCP, providing CLI options to filter origins the MCP server can access (e.g. localhost only) prevents unintended navigation to unauthorized or potentially malicious sites while maintaining safe internal tool usage.

Playwright uses context.route(), which internally relies on the same CDP methods, in the same way as Puppeteer's page.setRequestInterception() does.

  • https://github.com/microsoft/playwright/blob/main/packages/playwright-core/src/server/chromium/crNetworkManager.ts#L155
  • https://github.com/puppeteer/puppeteer/blob/48902651782c712a90cba51e913f1adf78933766/packages/puppeteer-core/src/cdp/NetworkManager.ts#L312

Additional context

sakupi01 avatar Oct 01 '25 12:10 sakupi01
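The origin filtering requested above, sketched on top of Puppeteer's request interception. This is an added example, not code from chrome-devtools-mcp or Playwright MCP; the function names, the semicolon separator, and the precedence (blocklist first, then a non-empty allowlist denies everything else) are assumptions.

```javascript
// Hypothetical helpers for illustration; not part of any project's API.

// Normalise a semicolon-separated list (separator is an assumption) into a Set
// of canonical origins, e.g. "https://EXAMPLE.com:443/" -> "https://example.com".
function parseOriginList(list) {
  const origins = new Set();
  for (const entry of (list || '').split(';')) {
    const trimmed = entry.trim();
    if (!trimmed) continue;
    const origin = new URL(trimmed).origin; // malformed entry throws at startup
    // "localhost:3000" without a scheme parses to an opaque origin: reject it
    // instead of silently building a policy that matches nothing.
    if (origin === 'null') throw new Error(`not a network origin: ${trimmed}`);
    origins.add(origin);
  }
  return origins;
}

// Decide whether a request URL may be fetched.
// Assumed semantics: blocklist wins; a non-empty allowlist denies everything else.
function isAllowed(url, allowed, blocked) {
  let origin;
  try {
    origin = new URL(url).origin;
  } catch {
    return false; // unparseable URL: fail closed
  }
  if (blocked.has(origin)) return false;
  if (allowed.size === 0) return true;
  return allowed.has(origin); // opaque origins ("null", e.g. data:) never match
}

// Wire the policy into a Puppeteer page through request interception.
async function installOriginFilter(page, { allowedOrigins, blockedOrigins }) {
  const allowed = parseOriginList(allowedOrigins);
  const blocked = parseOriginList(blockedOrigins);
  await page.setRequestInterception(true);
  page.on('request', (request) => {
    if (isAllowed(request.url(), allowed, blocked)) {
      return request.continue();
    }
    return request.abort('blockedbyclient');
  });
}
```

Matching is on the exact origin, so allowing `http://localhost:3000` does not cover `http://localhost:8080`.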

Adding to the "thumbs up": an answer to this is, IMO, the remaining blocker for taking this up at the firm I work for as well.

The DevTools MCP is such a huge win. The amount of copy-pasting from the DevTools console that I'm doing is obviously wrong, and this MCP really feels like the answer once we can have it in a secure way.

DavidPoliakoff avatar Oct 08 '25 11:10 DavidPoliakoff

@OrKoN Hello, can I ask you about the status of this feature? I see you have left a comment here saying you will consider adding the support with another implementation approach. https://github.com/ChromeDevTools/chrome-devtools-mcp/pull/232#issuecomment-3551848579

Our team would love to see this feature implemented for better security 🙇

CW-EijiOsakabe avatar Dec 05 '25 03:12 CW-EijiOsakabe