Hi everyone,
we’ve been testing a setup where Codex should be able to make outgoing HTTP requests through the environment variable for “unrestricted internet access.”
However, after extensive testing, it’s clear that the outgoing requests are still filtered through a hardcoded allowlist of domains — basically only common package registries like github.com, pypi.org, npmjs.com, etc.
Even if we explicitly set the environment variable for full access, the model can’t reach any custom domains. Every attempt to connect results in 403 Forbidden, and no request ever reaches the target server.
We understand that OpenAI needs to prevent misuse, but please be transparent about this limitation or provide an option to enable true outbound access — or a reviewed domain-allowlist request process.
Right now, the “unrestricted internet” toggle is misleading — it sounds like full access, but is actually a proxy with a fixed whitelist that hasn’t been updated for years.
Please consider expanding or opening this layer for trusted developers.
It would unlock so many legitimate use cases for agents, DevOps automation, and research.
Thank you 