Add support for DNS-rebinding attack protection in config.json and remote-server.ts

golja · golja · commit 6d79702cacb7 · 2025-12-01T15:49:17.000+01:00
diff --git a/config/config.json b/config/config.json
@@ -13,6 +13,8 @@
   "TLS_CERT_PATH": "",
   "TLS_KEY_PASSPHRASE": "",
   "MCP_SERVER_CORS_ORIGINS": ["*"],
+  "MCP_SERVER_DNS_REBINDING_PROTECTION_ALLOWED_HOSTS": [],
+  "MCP_SERVER_DNS_REBINDING_PROTECTION_ALLOWED_ORIGINS": [],
   "SCOPES_SUPPORTED": ["mcp:call-tools"],
   "MCP_SERVER_CLIENT_ID": "",
   "MCP_SERVER_CLIENT_SECRET": "",
diff --git a/src/server-remote.ts b/src/server-remote.ts
@@ -38,6 +38,10 @@ const BACKEND_API_AUDIENCE = configData.BACKEND_API_AUDIENCE;
 const BACKEND_API_RESOURCE = configData.BACKEND_API_RESOURCE;
 const BACKEND_AUTH_TOKEN = () => getConfigData().BACKEND_AUTH_TOKEN;
 const MCP_SERVER_BASE_URL = configData.MCP_SERVER_BASE_URL;
+const MCP_SERVER_DNS_REBINDING_PROTECTION_ALLOWED_HOSTS =
+  configData.MCP_SERVER_DNS_REBINDING_PROTECTION_ALLOWED_HOSTS || [];
+const MCP_SERVER_DNS_REBINDING_PROTECTION_ALLOWED_ORIGINS =
+  configData.MCP_SERVER_DNS_REBINDING_PROTECTION_ALLOWED_ORIGINS || [];
 const AUTHZ_SERVER_BASE_URL = configData.AUTHZ_SERVER_BASE_URL;
 const SCOPES_SUPPORTED = configData.SCOPES_SUPPORTED;
 const MCP_SERVER_CLIENT_ID = configData.MCP_SERVER_CLIENT_ID;
@@ -286,19 +290,18 @@ const handleMcpRequest = async (req: express.Request, res: express.Response) =>
     // Reuse existing transport
     transport = getTransport(sessionId)!;
   } else if (!sessionId && isInitializeRequest(req.body)) {
+    const enableDnsRebindingProtection =
+      MCP_SERVER_DNS_REBINDING_PROTECTION_ALLOWED_HOSTS.length > 0;
     // New initialization request
     transport = new StreamableHTTPServerTransport({
       sessionIdGenerator: () => randomUUID(),
       onsessioninitialized: (sessionId) => {
         // Store the transport by session ID
         addSession(sessionId, transport);
       },
-      // FIXME:
-      // DNS rebinding protection is disabled by default for backwards compatibility. If you are running this server
-      // locally, make sure to set:
-      // enableDnsRebindingProtection: true,
-      // allowedHosts: ['127.0.0.1'],
-      // allowedOrigins: []
+      enableDnsRebindingProtection: enableDnsRebindingProtection,
+      allowedHosts: MCP_SERVER_DNS_REBINDING_PROTECTION_ALLOWED_HOSTS,
+      allowedOrigins: MCP_SERVER_DNS_REBINDING_PROTECTION_ALLOWED_ORIGINS,
     });
 
     // Clean up transport when closed
