Python: Default MCP SSE server samples to loopback with host validation #14127
Merged
SergeyMenshykh merged 3 commits into Jun 30, 2026
Update the MCP SSE server demos to bind to 127.0.0.1 by default with a new --host opt-in, add Starlette TrustedHost and Origin allowlist middleware for loopback callers, and document the behavior in the README. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Pull request overview
Updates the Python MCP SSE demo servers to be safer-by-default for local development by binding to loopback, adding Host/Origin validation, and reducing debug verbosity so the samples don’t accidentally ship insecure defaults.
Changes:
- Add --host (default 127.0.0.1) and warn when binding beyond loopback.
- Add TrustedHostMiddleware plus an Origin allowlist middleware to reduce DNS-rebinding risk.
- Turn off Starlette debug mode for SSE demos and document the new behavior in the sample README.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| python/samples/demos/mcp_server/sk_mcp_server.py | Adds loopback default binding, Host/Origin validation middleware, and disables Starlette debug for SSE. |
| python/samples/demos/mcp_server/agent_as_server.py | Mirrors the SSE loopback default binding and Host/Origin validation changes for the agent-based MCP server demo. |
| python/samples/demos/mcp_server/README.md | Documents loopback-by-default SSE behavior, --host opt-in, and points to mcp_with_oauth for production patterns. |
Fail fast when --transport sse is used without --port, treat undecodable Origin headers as forbidden instead of erroring, and use ipaddress loopback detection (incl. IPv6 ::1) for the non-loopback bind warning. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
eavanvalkenburg
approved these changes
Jun 30, 2026
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
TaoChenOSU
approved these changes
Jun 30, 2026
Motivation and Context
The Python MCP server demos under python/samples/demos/mcp_server/ can optionally run over the SSE transport (--transport sse). This updates that sample wiring to follow the Model Context Protocol guidance for local development servers, so developers who use these demos as a starting point inherit sensible defaults.
Description
- 127.0.0.1 instead of 0.0.0.0. A new --host argument makes binding to other interfaces an explicit opt-in that logs a warning.
- TrustedHostMiddleware plus a small Origin allowlist middleware so the local listener only serves loopback callers (requests without an Origin header are still allowed, for non-browser MCP clients).
- Starlette(debug=True) to debug=False so the demos don't ship verbose debug output.
- --host opt-in, and points to the existing mcp_with_oauth sample for authenticated, network-reachable deployments.
Applies to sk_mcp_server.py and agent_as_server.py. The stdio transport (the default) and the other stdio-only samples are unchanged.
Contribution Checklist
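An added example, not code from this pull request: a standard-library version of the Origin allowlist and the loopback bind check that the description and the follow-up commit describe, written as a plain ASGI middleware. The names is_loopback, origin_allowed and OriginAllowlist are hypothetical. Treating the name localhost as loopback and accepting only http/https origins are assumptions, and Host header validation is left to TrustedHostMiddleware.

```python
import ipaddress
from typing import Optional
from urllib.parse import urlsplit


def is_loopback(host: str) -> bool:
    """True for loopback literals (127.0.0.0/8, ::1) or the name 'localhost'."""
    host = host.strip("[]")
    if host.lower() == "localhost":  # assumption: the name counts as loopback
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other DNS name is never assumed to be loopback


def origin_allowed(raw_origin: Optional[bytes]) -> bool:
    """Allowlist decision for the Origin header as raw ASGI bytes."""
    if raw_origin is None:
        return True  # non-browser MCP clients send no Origin header
    try:
        parts = urlsplit(raw_origin.decode("ascii"))
    except ValueError:  # UnicodeDecodeError is a ValueError subclass
        return False  # undecodable or malformed: forbid instead of erroring
    # "null" and non-web schemes have no http(s) scheme and are rejected
    return parts.scheme in ("http", "https") and is_loopback(parts.hostname or "")


class OriginAllowlist:
    """Plain ASGI middleware: answer 403 before the app sees a bad Origin."""

    def __init__(self, app):
        self.app = app

    async def __call__(self, scope, receive, send):
        if scope["type"] == "http":
            headers = dict(scope.get("headers") or [])
            if not origin_allowed(headers.get(b"origin")):
                await send({"type": "http.response.start", "status": 403,
                            "headers": [(b"content-type", b"text/plain")]})
                await send({"type": "http.response.body", "body": b"Forbidden"})
                return
        await self.app(scope, receive, send)
```

The hostname is parsed and compared as a whole, so an origin such as http://127.0.0.1.evil.example is rejected even though it starts with a loopback address.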