Severity: Medium (security; Host-header bypass)
mcp.py:364–378:
```python
def _check_auth(handler) -> bool:
    host = handler.headers.get("Host", "")
    if host:
        hostname = host.split(":")[0]
        if hostname not in ("127.0.0.1", "localhost", "::1"):
            return False
    # reached with no loopback check when Host is empty/absent
    if not token:
        return True
    ...
```
If the Host: header is empty or absent, the loopback check is skipped and auth proceeds. With no token configured, an HTTP/1.0 request without a Host: header bypasses loopback enforcement.
Same pattern in serve.py::_serve_authorized (lines ~2611–2618).
Suggested fix

```python
host = handler.headers.get("Host", "")
hostname = host.split(":")[0] if host else ""
if hostname not in ("127.0.0.1", "localhost", "::1"):
    return False
```
Acceptance criteria

- Test: HTTP request with no Host: header → 401.
- Same regression test for serve.py::_serve_authorized.
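Added example (not the project's code): the loopback check as reviewed beside the suggested fix, exercised on constructed header sets for the cases the acceptance criteria name. `FakeHandler`, the `token` parameter and the Bearer comparison standing in for the elided `...` are assumptions for this illustration.

```python
from dataclasses import dataclass, field

LOOPBACK_HOSTS = ("127.0.0.1", "localhost", "::1")


@dataclass
class FakeHandler:
    """Minimal stand-in for the HTTP request handler (constructed for this example)."""
    headers: dict = field(default_factory=dict)


def check_auth_vulnerable(handler, token=None) -> bool:
    """Check as reviewed: the loopback test lives inside `if host:`, so an
    absent or empty Host header skips it entirely."""
    host = handler.headers.get("Host", "")
    if host:
        hostname = host.split(":")[0]
        if hostname not in LOOPBACK_HOSTS:
            return False
    if not token:
        return True  # no token configured: loopback is the only gate
    # Assumed body of the elided `...`: bearer-token comparison.
    return handler.headers.get("Authorization") == f"Bearer {token}"


def check_auth_fixed(handler, token=None) -> bool:
    """Suggested fix: derive the hostname unconditionally, so a missing Host
    header yields "" and fails the loopback check (fail closed -> 401)."""
    host = handler.headers.get("Host", "")
    hostname = host.split(":")[0] if host else ""
    if hostname not in LOOPBACK_HOSTS:
        return False
    if not token:
        return True
    return handler.headers.get("Authorization") == f"Bearer {token}"


def demo():
    """Return {case: (vulnerable_result, fixed_result)} for constructed requests.
    False means the server should answer 401."""
    cases = {
        "no_host": FakeHandler({}),                    # HTTP/1.0-style, no Host
        "empty_host": FakeHandler({"Host": ""}),
        "loopback": FakeHandler({"Host": "127.0.0.1:8000"}),
        "remote": FakeHandler({"Host": "example.net:8000"}),
    }
    return {name: (check_auth_vulnerable(h), check_auth_fixed(h))
            for name, h in cases.items()}
```

The vulnerable variant returns True for the no-Host and empty-Host cases with no token configured; the fixed variant returns False for both and is unchanged for genuine loopback requests.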