In ChatGPT, we have our own sandbox <> host communication protocol that doesn't match the names of the protocol enforced by the "MUST" in the spec.
This changes that by marking the specific messages sent back and forth as a "SHOULD".
File: specification/draft/apps.mdx (2 additions & 2 deletions)
@@ -491,8 +491,8 @@ If the Host is a web page, it MUST wrap the View and communicate with it through
491
491
492
492
1. The Host and the Sandbox MUST have different origins.
493
493
2. The Sandbox MUST have the following permissions: `allow-scripts`, `allow-same-origin`.
494
-
3. The Sandbox MUST send a `ui/notifications/sandbox-proxy-ready` notification to the host when it's ready to process an `ui/notifications/sandbox-resource-ready` notification.
495
-
4. Once the Sandbox is ready, the Host MUST send the raw HTML resource to load in a `ui/notifications/sandbox-resource-ready` notification.
494
+
3. The Sandbox SHOULD send a `ui/notifications/sandbox-proxy-ready` notification to the host when it's ready to process an `ui/notifications/sandbox-resource-ready` notification.
495
+
4. Once the Sandbox is ready, the Host SHOULD send the raw HTML resource to load in a `ui/notifications/sandbox-resource-ready` notification.
496
496
5. The Sandbox MUST load the raw HTML of the View with CSP settings that:
497
497
- Enforce the domains declared in `ui.csp` metadata
498
498
- If `frameDomains` is provided, allow nested iframes from declared origins; otherwise use `frame-src 'none'`
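Review bot: In steps 3 and 4 the SHOULD now governs the whole sentence, not only the message names, so the ordering itself (the Host delivers the raw HTML only "once the Sandbox is ready") becomes optional along with the wire format. The commit message says it is the names that differ in ChatGPT's protocol; if that is the intent, keep the behaviour normative and relax only the message, for example "The Sandbox MUST signal readiness to the Host before the Host delivers the raw HTML resource; it SHOULD do so with a `ui/notifications/sandbox-proxy-ready` notification", and likewise for `ui/notifications/sandbox-resource-ready` in step 4. Step 5 still requires that the Sandbox MUST load the raw HTML with CSP built from `ui.csp`, but after this change the spec no longer says how the HTML reaches the Sandbox when a host uses its own protocol, so add a sentence stating that any alternative channel remains subject to steps 1, 2 and 5.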