feat(transport-security): add subdomain wildcard support for allowed_hosts#2144
Open
Chenzhen-Ye wants to merge 1 commit intomodelcontextprotocol:mainfrom
Open
Conversation
Chenzhen-Ye
force-pushed
the
feature/2141-allowed-hosts-subdomain-wildcard
branch
3 times, most recently
from
c3d8639 to
3f9a2d1
Compare
…hosts TransportSecuritySettings.allowed_hosts now supports *.domain patterns (e.g. *.mysite.com) so that a single entry can allow the base domain and any subdomain (app.mysite.com, api.mysite.com, etc.) instead of listing each host explicitly. This makes multi-subdomain or dynamic subdomain setups practical. - Add _hostname_from_host() to strip port from Host header (including IPv6) - In _validate_host(), treat entries starting with *. as subdomain wildcards: match hostname equal to base domain or ending with .<base> - Preserve existing behaviour: exact match and example.com:* port wildcard - Document the three pattern types in allowed_hosts docstring - Add integration tests for SSE and StreamableHTTP with *.mysite.com Github-Issue: modelcontextprotocol#2141
Chenzhen-Ye
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
TransportSecuritySettings.allowed_hosts now supports *.domain patterns (e.g. *.mysite.com) so that a single entry can allow the base domain and any subdomain (app.mysite.com, api.mysite.com, etc.) instead of listing each host explicitly. This makes multi-subdomain or dynamic subdomain setups practical.
wildcards: match hostname equal to base domain or ending with .
Github-Issue: #2141
Motivation and Context
Closes #2141
How Has This Been Tested?
Integration tests (pytest)
SSE (test_sse_security_subdomain_wildcard_host): Server started with allowed_hosts=[".mysite.com", "127.0.0.1:"]. Verified that requests with Host: app.mysite.com, api.mysite.com, and mysite.com return 200, and Host: other.com returns 421 with "Invalid Host header".
StreamableHTTP (test_streamable_http_security_subdomain_wildcard_host): Same allowed_hosts. Verified that a POST with Host: app.mysite.com returns 200 and with Host: other.com returns 421.
Regression
All existing transport/SSE/StreamableHTTP security tests were run (26 tests in test_sse_security.py and test_streamable_http_security.py); no existing behaviour was changed.
Not tested in a real application
This was only validated via the test suite; no manual runs in a live app or multi-subdomain deployment.
Breaking Changes
No
Types of changes
Checklist
Additional context