Python: Default MCP SSE server samples to loopback with host validation #14127

Merged
SergeyMenshykh merged 3 commits into microsoft:main from SergeyMenshykh:sergeymenshykh-harden-mcp-sse-samples
Jun 30, 2026
Conversation

@SergeyMenshykh

Contributor

Motivation and Context

The Python MCP server demos under python/samples/demos/mcp_server/ can optionally run over the SSE transport (--transport sse). This updates that sample wiring to follow the Model Context Protocol guidance for local development servers, so developers who use these demos as a starting point inherit sensible defaults.

Description

  • Loopback by default: the SSE samples now bind to 127.0.0.1 instead of 0.0.0.0. A new --host argument makes binding to other interfaces an explicit opt-in that logs a warning.
  • Host/Origin validation: added Starlette TrustedHostMiddleware plus a small Origin allowlist middleware so the local listener only serves loopback callers (requests without an Origin header are still allowed, for non-browser MCP clients).
  • Sample hygiene: switched Starlette(debug=True) to debug=False so the demos don't ship verbose debug output.
  • Docs: the README now describes the loopback-by-default behavior, the --host opt-in, and points to the existing mcp_with_oauth sample for authenticated, network-reachable deployments.

Applies to sk_mcp_server.py and agent_as_server.py. The stdio transport (the default) and the other stdio-only samples are unchanged.

Contribution Checklist

  • The code builds clean without any errors or warnings
  • I didn't break anyone 😄

Update the MCP SSE server demos to bind to 127.0.0.1 by default with a new --host opt-in, add Starlette TrustedHost and Origin allowlist middleware for loopback callers, and document the behavior in the README.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings June 30, 2026 13:21
@SergeyMenshykh SergeyMenshykh requested a review from a team as a code owner June 30, 2026 13:21
@moonbox3 added the python (Pull requests for the Python Semantic Kernel) and documentation labels Jun 30, 2026

Copilot AI left a comment

Contributor
Pull request overview

Updates the Python MCP SSE demo servers to be safer-by-default for local development by binding to loopback, adding Host/Origin validation, and reducing debug verbosity so the samples don’t accidentally ship insecure defaults.

Changes:

  • Add --host (default 127.0.0.1) and warn when binding beyond loopback.
  • Add TrustedHostMiddleware plus an Origin allowlist middleware to reduce DNS-rebinding risk.
  • Turn off Starlette debug mode for SSE demos and document the new behavior in the sample README.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 6 comments.

| File | Description |
| --- | --- |
| python/samples/demos/mcp_server/sk_mcp_server.py | Adds loopback default binding, Host/Origin validation middleware, and disables Starlette debug for SSE. |
| python/samples/demos/mcp_server/agent_as_server.py | Mirrors the SSE loopback default binding and Host/Origin validation changes for the agent-based MCP server demo. |
| python/samples/demos/mcp_server/README.md | Documents loopback-by-default SSE behavior, --host opt-in, and points to mcp_with_oauth for production patterns. |

Comment thread python/samples/demos/mcp_server/sk_mcp_server.py Outdated
Comment thread python/samples/demos/mcp_server/agent_as_server.py Outdated
Comment thread python/samples/demos/mcp_server/sk_mcp_server.py
Comment thread python/samples/demos/mcp_server/agent_as_server.py
Comment thread python/samples/demos/mcp_server/sk_mcp_server.py Outdated
Comment thread python/samples/demos/mcp_server/agent_as_server.py Outdated
Fail fast when --transport sse is used without --port, treat undecodable Origin headers as forbidden instead of erroring, and use ipaddress loopback detection (incl. IPv6 ::1) for the non-loopback bind warning.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@SergeyMenshykh SergeyMenshykh enabled auto-merge June 30, 2026 14:45
@SergeyMenshykh SergeyMenshykh added this pull request to the merge queue Jun 30, 2026
Merged via the queue into microsoft:main with commit 38a5480 Jun 30, 2026
31 checks passed
@SergeyMenshykh SergeyMenshykh deleted the sergeymenshykh-harden-mcp-sse-samples branch June 30, 2026 21:17
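
As an added example (not code from this pull request or the Semantic Kernel samples), here is a standard-library-only ASGI version of the Origin allowlist and the `ipaddress` loopback check that the PR description and its follow-up commit describe. The names `is_loopback_host`, `origin_allowed`, `OriginAllowlist` and `status_for` are hypothetical, the requests are constructed, and reusing the loopback test for Origin hosts is an assumed policy.

```python
from __future__ import annotations
import asyncio
import ipaddress
from urllib.parse import urlsplit

# Added example: every name here is hypothetical, not taken from the PR.
def is_loopback_host(host: str) -> bool:
    """True for 'localhost' and any loopback IP literal (127.0.0.0/8, ::1)."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other names are never resolved, so they never count

def origin_allowed(raw: bytes | None) -> bool:
    """Allow a missing Origin (non-browser client) or a loopback http(s) origin."""
    if raw is None:
        return True
    try:
        parts = urlsplit(raw.decode("ascii"))
        return parts.scheme in ("http", "https") and is_loopback_host(parts.hostname or "")
    except (UnicodeDecodeError, ValueError):
        return False  # undecodable or malformed Origin is refused, not a 500

class OriginAllowlist:
    """Pure-ASGI middleware: answers 403 before the wrapped app ever runs."""
    def __init__(self, app): self.app = app

    async def __call__(self, scope, receive, send):
        if scope["type"] == "http":
            if not origin_allowed(dict(scope["headers"]).get(b"origin")):
                await send({"type": "http.response.start", "status": 403, "headers": []})
                await send({"type": "http.response.body", "body": b"Forbidden origin"})
                return
        await self.app(scope, receive, send)

def status_for(origin: bytes | None) -> int:
    """Send one constructed GET /sse through the middleware; return the status."""
    async def ok_app(scope, receive, send):
        await send({"type": "http.response.start", "status": 200, "headers": []})
        await send({"type": "http.response.body", "body": b"ok"})
    sent = []
    async def send(msg): sent.append(msg)
    headers = [(b"host", b"127.0.0.1:8000")] + ([(b"origin", origin)] if origin is not None else [])
    scope = {"type": "http", "method": "GET", "path": "/sse", "headers": headers}
    asyncio.run(OriginAllowlist(ok_app)(scope, None, send))
    return sent[0]["status"]
```

The Host header still needs its own allowlist (the PR uses Starlette's TrustedHostMiddleware for that); this block covers only the Origin side.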