Is this a bug or expected? Sandbox on a documentation site "leaks" into my local environment

[evanwinter]

I'm not sure if this is a bug, or if this is expected behavior. (And I think this is sandpack I'm looking at, but if not, please feel free to direct me elsewhere)

If I have an app running locally at http://localhost:5173, and a tab open to a code sandbox embed that is executing a fetch for http://localhost:5173/api/data, I see the network calls to /api/data running on my app locally.

Here's the link to the page with the sandbox: https://tanstack.com/query/latest/docs/svelte/examples/svelte/auto-refetching

It feels like the code sandbox should not be reaching outside of the web browser in this way, but I could be wrong?

On the left here is my local Svelte app running on http://localhost:5173, and on the right is the page with the Code Sandbox element. The sandbox calls for /api/data are running on my local Svelte app.

I'm guessing it's because that sandbox in particular actually runs a Svelte app on my local environment too. This may be totally fine, but I just wanted to call it out in case it was not expected behavior.

[danilowoz]

Hey @DeMoorJasper, could you take a look at this question?

[DeMoorJasper]

Yes this is expected behaviour, that embed is running a sandbox which doesn't proxy the request back to the sandbox (this is only possible with our new server/repository sandboxes and nodebox - out new server sandboxes aren't embeddable just yet but should be supported soon)