Description
Is your feature request related to a problem? Please describe.
When adopting browser automation MCPs in a corporate environment, considering security is especially crucial. Any possibility of automatic/unintentional access to unknown/malicious content can be a reason for preventing adoption.
Playwright MCP, for example, has `--allowed-origins` & `--blocked-origins` to filter in/out which contents the MCP is allowed to access. This gives us more certainty on which content the tool will access, and this can bring a good reason to use the browser automation tool corporate-wide.
For example, we can restrict access except to localhost.
Describe the solution you'd like
Like Playwright MCP, providing CLI options to filter origins the MCP server can access (e.g. localhost only) prevents unintended navigation to unauthorized or potentially malicious sites while maintaining safe internal tool usage.
Playwright uses `context.route()`, which internally relies on the same CDP methods in an identical way as Puppeteer's `page.setRequestInterception()` does.
- https://github.com/microsoft/playwright/blob/main/packages/playwright-core/src/server/chromium/crNetworkManager.ts#L155
- https://github.com/puppeteer/puppeteer/blob/48902651782c712a90cba51e913f1adf78933766/packages/puppeteer-core/src/cdp/NetworkManager.ts#L312
Additional context
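
A sketch of the filtering this request describes, as an added example that is not part of the original issue or of either project's code: an origin allow/block decision wired into Puppeteer's request interception. The option names `allowedOrigins` and `blockedOrigins`, the blocklist-first precedence, and denying opaque origins when an allowlist is set are assumptions.

```javascript
// Added example. Option names and policy choices are assumptions.

// Canonicalize a configured entry to "scheme://host[:port]".
function toOrigin(entry) {
  const origin = new URL(entry).origin;
  if (origin === 'null') throw new Error(`not a network origin: ${entry}`);
  return origin;
}

function createOriginFilter({ allowedOrigins = [], blockedOrigins = [] } = {}) {
  const allowed = new Set(allowedOrigins.map(toOrigin));
  const blocked = new Set(blockedOrigins.map(toOrigin));

  return function isAllowed(requestUrl) {
    let origin;
    try {
      // Compare parsed origins, never string prefixes, so that
      // "http://localhost.evil.example" cannot pass as "http://localhost".
      origin = new URL(requestUrl).origin;
    } catch {
      return false; // unparseable URL: fail closed
    }
    if (blocked.has(origin)) return false; // blocklist wins over allowlist
    if (allowed.size === 0) return true;   // no allowlist configured
    // With an allowlist, opaque origins ("null": data:, file:, about:) are denied too.
    return allowed.has(origin);
  };
}

// Wire the decision into Puppeteer. The caller must first
// `await page.setRequestInterception(true)`.
function attachOriginFilter(page, isAllowed) {
  page.on('request', (request) => {
    if (request.isInterceptResolutionHandled()) return;
    if (isAllowed(request.url())) {
      request.continue();
    } else {
      request.abort('blockedbyclient');
    }
  });
}

// Constructed sample: only a local dev server on port 3000 is reachable.
const localhostOnly = createOriginFilter({ allowedOrigins: ['http://localhost:3000'] });
console.log(localhostOnly('http://localhost:3000/app'));           // true
console.log(localhostOnly('http://localhost.evil.example:3000/')); // false
console.log(localhostOnly('http://localhost:3000@evil.example/')); // false
```

Because an origin includes the port, `http://localhost:3000` and `http://localhost:3001` are distinct entries and each must be listed explicitly.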