Feature request for product/service
Cursor IDE
Describe the request
Cursor automatically sets “json.schemaDownload.enable": false due to CVE-2025-49150. That disables intellisense, hover support, etc. for json files.
So we can have those helpful features, or we can close a gaping hole to malicious agents - a terrible dillemma. VSCode solved this by adding a setting json.schemaDownload.trustedDomains to whitelist trusted domains. However, Cursor has not yet added that setting.
Working without json support is very frustrating. But opening ourselves to a known exploit is playing with fire.
That trustedDomains setting has been in upstream for a long time now. Please integrate it into Cusor.