Actions (OpenAPI Specs)

Actions Object Structure

Actions can be used to dynamically create tools from OpenAPI specs. The actions object structure allows you to specify allowed domains for agent/assistant actions.

More info: Agents - Actions

Example

Actions Object Structure
# Example Actions Object Structure
actions:
  allowedDomains:
    - "swapi.dev"
    - "librechat.ai"
    - "google.com"
    - "https://api.example.com:8443"  # With protocol and port

allowedDomains

Key:

| Key | Type | Description | Example |
|---|---|---|---|
| allowedDomains | Array of Strings | A list specifying allowed domains for agent/assistant actions. | When configured, only listed domains are allowed. When not configured, SSRF targets are blocked but all other domains are allowed. |

Optional

Security Context (SSRF Protection)

LibreChat includes SSRF (Server-Side Request Forgery) protection with the following behavior:

When allowedDomains is NOT configured:

  • SSRF-prone targets are blocked by default
  • All other external domains are allowed

When allowedDomains IS configured:

  • Only domains on the list are allowed
  • Internal/SSRF targets can be allowed by explicitly adding them to the list

Blocked SSRF targets include:

  • Localhost addresses (localhost, 127.0.0.1, ::1)
  • Private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
  • Link-local addresses (169.254.0.0/16, includes cloud metadata IPs)
  • Internal TLDs (.internal, .local, .localhost)
  • Common internal service names (redis, mongodb, postgres, api, etc.)

If your actions need to access internal services, you must explicitly add them to allowedDomains.

Pattern Formats

The allowedDomains array supports several formats:

  1. Domain only - Allows all protocols and ports:

    allowedDomains:
      - "api.example.com"
  2. With protocol - Restricts to specific protocol:

    allowedDomains:
      - "https://api.example.com"
  3. With protocol and port - Restricts to specific protocol and port:

    allowedDomains:
      - "https://api.example.com:8443"
  4. Internal addresses (must be explicitly allowed):

    allowedDomains:
      - "192.168.1.100"
      - "internal-api.local"

Example:

actions / allowedDomains
allowedDomains:
  - "swapi.dev"
  - "librechat.ai"
  - "google.com"
  - "https://secure-api.example.com:443"
  - "192.168.1.50"  # Internal service (explicitly allowed)
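
The SSRF defaults and pattern formats described above can be modelled in a few functions to reason about which action URLs a given config would permit. This is an added example, not LibreChat's own code: the function names, exact-host matching, the 127.0.0.0/8 range, and treating an empty list as "not configured" are assumptions.

```javascript
// Added example, not LibreChat's code. String-level check only (no DNS resolution).
const INTERNAL_TLDS = ['.internal', '.local', '.localhost'];
const INTERNAL_NAMES = ['redis', 'mongodb', 'postgres', 'api']; // page ends with "etc."
// Assumption: the whole 127.0.0.0/8 loopback block; the page names only 127.0.0.1.
const BLOCKED_CIDRS = [['127.0.0.0', 8], ['10.0.0.0', 8], ['172.16.0.0', 12],
  ['192.168.0.0', 16], ['169.254.0.0', 16]];

function ipv4ToInt(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

function isSsrfTarget(hostname) {
  const h = hostname.toLowerCase().replace(/^\[|\]$/g, ''); // URL keeps [] on IPv6
  if (h === 'localhost' || h === '::1') return true;
  const ip = ipv4ToInt(h);
  if (ip === null) return INTERNAL_TLDS.some((t) => h.endsWith(t)) || INTERNAL_NAMES.includes(h);
  return BLOCKED_CIDRS.some(([base, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((ip & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
  });
}

// Splits "host", "proto://host" or "proto://host:port", the formats listed above.
function parsePattern(pattern) {
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(?::(\d+))?$/i.exec(pattern.trim());
  if (!m) return null;
  return { protocol: m[1] ? m[1].toLowerCase() : null, host: m[2].toLowerCase(), port: m[3] || null };
}

function isActionUrlAllowed(url, allowedDomains) {
  let u;
  try { u = new URL(url); } catch (e) { return false; }
  const host = u.hostname.toLowerCase();
  // Assumption: an empty list is treated like "not configured".
  if (!Array.isArray(allowedDomains) || allowedDomains.length === 0) return !isSsrfTarget(host);
  const port = u.port || (u.protocol === 'https:' ? '443' : '80'); // URL drops default ports
  return allowedDomains.some((p) => {
    const pat = parsePattern(p);
    if (!pat || pat.host !== host) return false; // exact host match (assumption)
    if (pat.protocol && `${pat.protocol}:` !== u.protocol) return false;
    return !pat.port || pat.port === port;
  });
}
```

Running candidate URLs through `isActionUrlAllowed` with a draft list shows the effect of each entry before deployment, in particular that a bare internal address such as "192.168.1.50" opens every protocol and port on that host.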