docs(mcp): document Origin validation / CORS secure defaults #530
kylebernhardy wants to merge 1 commit into
Add a Security section to the MCP configuration reference explaining that the MCP endpoint validates the Origin header (DNS-rebinding defense) via each profile's CORS config, and that deployments exposing MCP to browsers beyond loopback should enable an explicit CORS allow-list. Companion to HarperFast/harper#1320 (#1317 S4). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Code Review
This pull request adds a new "Security: Origin validation" section to the MCP configuration documentation, detailing how the endpoint validates the Origin header to defend against DNS-rebinding attacks. The review feedback suggests correcting an inaccuracy regarding the default CORS configuration state to ensure the documentation is precise.
| The MCP endpoint validates the request `Origin` header to defend against DNS-rebinding attacks (a requirement of the MCP Streamable HTTP transport). Validation reuses each profile's existing CORS configuration rather than introducing a separate MCP setting: | ||
| - When CORS is **disabled** (the default), any `Origin` is accepted. This is appropriate for localhost-only or non-browser clients, where no DNS-rebinding vector exists. |
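Review bot: the "(the default)" on the second bullet is attached to the wrong condition: per the HTTP configuration reference, `http.cors` defaults to true and `http.corsAccessList` defaults to null, so the default state is CORS enabled with no allow-list, and it is the absence of an allow-list, not CORS being disabled, that makes every `Origin` acceptable. Suggest "When CORS is **disabled** or no allow-list is configured (the default), any `Origin` is accepted." The first line also only says validation "reuses" the CORS configuration; the section should state the enabled-with-allow-list branch explicitly (a request whose `Origin` is not on the list is rejected), since that is the behaviour a reader has to turn on to get the DNS-rebinding protection the section promises.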
According to the HTTP configuration documentation, http.cors defaults to true (enabled), but http.corsAccessList defaults to null (allowing all origins). Therefore, CORS is not disabled by default; rather, it is enabled without an active allow-list. We should clarify this to avoid confusing users about the default configuration state.
| - When CORS is **disabled** (the default), any `Origin` is accepted. This is appropriate for localhost-only or non-browser clients, where no DNS-rebinding vector exists. | |
| - When CORS is **disabled** or no allow-list is configured (the default), any Origin is accepted. This is appropriate for localhost-only or non-browser clients, where no DNS-rebinding vector exists. |
Preview Deployment: your preview deployment is ready. Preview URL: https://preview.harper-documentation.harperfabric.com/pr-530 This preview will update automatically when you push new commits.
Companion to HarperFast/harper#1320 (issue HarperFast/harper#1317, S4).
Adds a Security: Origin validation section to `reference/mcp/configuration.md` documenting that the MCP endpoint validates the `Origin` header (DNS-rebinding defense) via each profile's existing CORS config, and that any deployment exposing MCP to browsers beyond loopback should enable an explicit CORS allow-list to activate that protection. No new config surface — the behavior already ships; this fills a documentation gap surfaced while fixing #1317.

`format:check` is clean. Generated by an LLM (Claude Opus 4.8).
🤖 Generated with Claude Code