Cloud agents cannot access CDNs - even if host allowed or firewall completely disabled.

[Josverl]

or : How can I use Cloud Agent + MCP Playwright + a CDN to serve ESMs ?

Setup:

• project with a HTML5 page loading components (codemirror) from esm.sh
• repo configured with either
  • allow hosts or urls to access CDN
  • firewall completely off
• Instruct cloud agent to to work , and verify this by testing with MCP Playwright

Expected :

page to load including modules from CDN

Actual

Working:

• Page HTML loads successfully (HTTP 200)
• CSS styles load correctly
• Local JavaScript files load (app.js, lsp/client.js, lsp/diagnostics.js)
• UI elements render (buttons, header, footer)
• Import map is present in the HTML

Not Working:

• Editor container is empty (childElementCount: 0)
• No CodeMirror editor elements (.cm-editor class not found)
• CodeMirror JavaScript modules not loaded

This results in No editor functionality

Reported by agent:

Good! Now let me test the page using Playwright MCP to check if the CDN resources load correctly:

Navigate Playwright web browser to a URL

Ran Playwright code
await page.goto('http://localhost:8888/index.html');

New console messages
[ERROR] Failed to load resource: net::ERR_BLOCKED_BY_CLIENT.Inspector @ https://esm.sh/@codemirror/l...
[ERROR] Failed to load resource: net::ERR_BLOCKED_BY_CLIENT.Inspector @ https://esm.sh/@codemirror/s...
[ERROR] Failed to load resource: net::ERR_BLOCKED_BY_CLIENT.Inspector @ https://esm.sh/codemirror@6....
Page state
Page URL: http://localhost:8888/index.html
Page Title: CodeMirror Python Editor
Page Snapshot:
- generic [active] [ref=e1]:
  - banner [ref=e2]:
    - heading "CodeMirror 6 MicroPython Editor" [level=1] [ref=e3]
    - generic [ref=e4]:
      - button "Toggle dark/light theme" [ref=e5] [cursor=pointer]: 🌓 Toggle Theme
      - button "Run type checking with Pyright" [ref=e6] [cursor=pointer]: 🔍 Type Check
      - button "Clear editor content" [ref=e7] [cursor=pointer]: Clear
      - generic [ref=e8]:
        - combobox "Select example file" [ref=e9] [cursor=pointer]:
          - option "Select Example..." [selected]
        - button "Load selected sample" [ref=e10] [cursor=pointer]: Load
  - main [ref=e11]
  - contentinfo [ref=e13]:
    - paragraph [ref=e14]:
      - text: CodeMirror 6 MicroPython Editor |
      - link "CodeMirror Docs" [ref=e15] [cursor=pointer]:
        - /url: https://codemirror.net/6/

CDN Errors Detected
All three primary CodeMirror modules are being blocked:

• @codemirror/lang-python@6.1.6
  URL: https://esm.sh/@codemirror/lang-python@6.1.6?deps=...
  Error: net::ERR_BLOCKED_BY_CLIENT
• @codemirror/state@6.4.1
  URL: https://esm.sh/@codemirror/state@6.4.1
  Error: net::ERR_BLOCKED_BY_CLIENT
• codemirror@6.0.1
  URL: https://esm.sh/codemirror@6.0.1?deps=...
  Error: net::ERR_BLOCKED_BY_CLIENT

[Subhadip956425]

Hello, @Josverl 👋

This problem most likely arises because MCP Playwright environments and other GitHub Cloud Agents operate in sandboxed, restricted environments that prevent external network requests, including CDNs—even if:

permit the configuration of hosts or URLs, or

The firewall for the project is turned off.

Why does this occur?

Cloud Agents cannot freely retrieve external JavaScript from CDNs because they are built for secure, deterministic builds and tests.

Currently, CDNs are not even able to access the outbound internet through "allowed hosts" settings.

All ESM services (such as esm.sh, unpkg, jsDelivr, etc.) are subject to this restriction.

Solutions:

Bundle the dependencies locally: Rather than depending on esm.sh, download and serve the modules locally using a build tool (such as Vite, Webpack, or Rollup).

Utilise local ESM mirrors: Update the import paths and host a local copy of the necessary ESM modules in your repository.

Playwright and Cloud Agent tests must load from the same origin, so stay away from CDN dependencies.

In conclusion, cloud agents are unable to retrieve code from public CDNs due to security and isolation concerns.

[LukeSavefrogs]

• as there is no documentation to support the speculation

Apparently, now it is stated in the Cloud Agent documentation:

• Playwright: The Playwright MCP server gives Copilot access to web pages, including the ability to read, interact and take screenshots.

  • By default, the Playwright MCP server is only able to access web resources hosted within Copilot's own environment, accessible on localhost or 127.0.0.1.

Source

[Josverl]

• By default, the Playwright MCP server is only able to access web resources hosted within Copilot's own environment, accessible on localhost or 127.0.0.1.

Source

So are you implying that CDN pinhole access could be allowed/achieved by :

1. allowing the CDN(s) through the Agent firewall
2. set Playwright's PLAYWRIGHT_MCP_ALLOWED_ORIGINS to include the CDN(s)

Have you tried that yet ?

[LukeSavefrogs]

Have you tried that yet ?

Yes, I tried both approaches and didn't work:

1. As the documentation says the firewall does NOT apply to Playwright MCP Server, so allowing the CDNs through the firewall (or even disabling it at all) does not work.
2. Don't know why but even though on the paper PLAYWRIGHT_MCP_ALLOWED_ORIGINS should work I could not make it work 😕:

   jobs:
     copilot-setup-steps:
       runs-on: ubuntu-latest
       timeout-minutes: 30
       permissions:
         contents: read
   
       steps:
         # [ ... other steps ... ]
         - name: Export Playwright MCP allowed origins
           env:
             # Comma-separated list of external domains
             COPILOT_REROUTE_DOMAINS: "cdn.jsdelivr.net,cdnjs.cloudflare.com,unpkg.com,fonts.bunny.net,ui-avatars.com,tile.openstreetmap.org,tile.openstreetmap.fr,tile.opentopomap.org,tiles.stadiamaps.com,basemaps.cartocdn.com"
           run: |
             echo "PLAYWRIGHT_MCP_ALLOWED_ORIGINS=${{env.COPILOT_REROUTE_DOMAINS}},http://localhost:8000,http://127.0.0.1:8000" >> "$GITHUB_ENV"
             echo "PLAYWRIGHT_MCP_ALLOWED_HOSTS=${{env.COPILOT_REROUTE_DOMAINS}},http://localhost:8000,http://127.0.0.1:8000" >> "$GITHUB_ENV"

Solution

What worked for me was customizing the MCP configuration overriding the default one created by Github:

{
  "mcpServers": {
    "playwright": {
      "type": "local",
      "tools": ["*"],
      "command": "npx",
      "args": [
        "@playwright/mcp@latest",
        "--allowed-hosts='*'"
      ]
    }
  }
}

Tip

The best thing would be to add only the subset of allowed hosts you actually need, but i had enough headaches for the moment so i basically gave Copilot Agent carte blanche (which is not a very good thing) 😄

I tried setting --allowed-hosts=localhost,127.0.0.1,::1,cdn.jsdelivr.net,cdnjs.cloudflare.com,unpkg.com,fonts.bunny.net,ui-avatars.com,tile.openstreetmap.org,tile.openstreetmap.fr,tile.opentopomap.org,tiles.stadiamaps.com,basemaps.cartocdn.com but it wouldn't be able to even reach the application hosted on localhost (tried also with http://localhost and http://localhost:APP-PORT without succeeding). If anyone finds a better way to do it please tell in the discussion 🙏🏻

[Josverl]

What worked for me was customizing the MCP configuration overriding the default one created by Github:

Nice one ! 🤠

@LukeSavefrogs, I think you found the way to make this work, so I want to thank you for sharing this approach ;
Very Much Appreciated.

The reason that I selected Gecko51's answer is that I do not want to lead others to allowed-host "*"

[LukeSavefrogs]

@LukeSavefrogs, I think you found the way to make this work, so I want to thank you for sharing this approach ; Very Much Appreciated.

The reason that I selected Gecko51's answer is that I do not want to lead others to allowed-host "*"

No problem, I completely agree and I warned myself in my own comment that is absolutely NOT ideal to use a wildcard so broad... @Gecko51's answer is perfect as it is and adds lots of context!

As always... Team work is the key to success 🔝

[seanbearden]

Cross-linking — same root cause thread continues at #179594. GitHub's official docs confirm the custom allowlist is Bash-tool-only and does not govern MCP servers (quoted in my comment there). The PLAYWRIGHT_MCP_ALLOWED_ORIGINS workaround you reported as non-functional on hosted agent matches multiple independent reports.

[LukeSavefrogs]

@Josverl if this works for you too please consider marking the question as answered, to help others coming for the same problem 😄

[Josverl]

Thank you very much for your efforts @LukeSavefrogs and @Gecko51

Agent session in process : Things are looking up, but it ain't over until that lady has sung ....

Update: And she sings 🎶 !
Clearly still a work in progress - but unblocked now.

Details