The sandbox supports three levels of network access: restrict to domains in your sandbox.json, restrict to your allowlist plus Cursor’s built-in defaults, or allow all network access within the sandbox.
This gives you fine-grained control over what the agent can access, which matters especially in security-sensitive environments or when different projects have different network requirements. Enterprise admins can also enforce network allowlists and denylists from the admin dashboard, so organization-wide egress policies apply to all agent sandbox sessions.
We’d love your feedback!
How are you configuring network access for your projects? Strict allowlist, defaults, or unrestricted?
Are there any common domains or patterns you’d like included in the built-in defaults?
If you’ve found a bug, please post it in Bug Reports instead, so we can track and address it properly, but also feel free to drop a link to it in this thread for visibility.
Hi Colin, on the enterprise admin console, is there a way to include Cursor’s defaults in the allowlist? (or alternatively, can I find a list of Cursor’s defaults somewhere?)
the per-project sandbox.json is nice. most of my stuff only needs npm registry and a couple api endpoints so having a strict allowlist per repo makes sense. would be useful to see what the built-in defaults actually include though, even for non-enterprise users
Thanks, that’s great. Is the idea that in an enterprise setup you’d manually paste the default list in as a starting point, or is there a way to include it explicitly?
Right now, when you set an allowlist in the admin Network Access Control panel, it replaces Cursor’s defaults entirely rather than merging with them. So yes, if you want to preserve the default domains, you’d need to include them in your admin allowlist manually.
