Skip to content

fix: enable DNS rebinding protection by default#659

Draft
devcrocod wants to merge 3 commits intomainfrom
devcrocod/dns-rebinding-protection
Draft

fix: enable DNS rebinding protection by default#659
devcrocod wants to merge 3 commits intomainfrom
devcrocod/dns-rebinding-protection

Conversation

@devcrocod
Copy link
Copy Markdown
Contributor

@devcrocod devcrocod commented Mar 30, 2026

Add DnsRebindingProtection Ktor route-scoped plugin and enable it by default across all http transports

Motivation and Context

DNS rebinding protection was disabled by default (enableDnsRebindingProtection = false), and sse endpoints (Route.mcp()) had zero protection. Same vulnerability as typescript sdk GHSA-w48q-cv73-mx4w

How Has This Been Tested?

all tests pass

Breaking Changes

  • Route.mcp(), Application.mcp() signatures changed (new enableDnsRebindingProtection, allowedHosts, allowedOrigins params), binary incompatible on JVM
  • enableDnsRebindingProtection default changed from false to true on mcpStreamableHttp/mcpStatelessStreamableHttp
  • Default allowed hosts: localhost, 127.0.0.1, [::1] — opt out with enableDnsRebindingProtection = false
  • Host validation is now port-agnostic (matches ts sdk)
  • Origin validation now allows missing Origin header (non-browser clients)
  • Configuration.enableDnsRebindingProtection, .allowedHosts, .allowedOrigins deprecated in favor of the plugin

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

Copilot AI review requested due to automatic review settings March 30, 2026 23:34
Copilot AI reviewed Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a Ktor route-scoped DNS rebinding protection plugin and enables it by default for MCP HTTP/SSE endpoints, aligning behavior with the TypeScript SDK advisory.

Changes:

  • Introduces DnsRebindingProtection (RouteScopedPlugin) with default localhost allowlist and optional Origin allowlist.
  • Enables DNS rebinding protection by default in Route.mcp, Application.mcp, mcpStreamableHttp, and mcpStatelessStreamableHttp; deprecates the old transport configuration flags.
  • Updates/extends JVM tests and conformance server setup to reflect the new defaults and host parsing behavior.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
kotlin-sdk-server/src/jvmTest/kotlin/io/modelcontextprotocol/kotlin/sdk/server/KtorRouteExtensionsTest.kt Updates integration tests to explicitly disable protection where not under test.
kotlin-sdk-server/src/jvmTest/kotlin/io/modelcontextprotocol/kotlin/sdk/server/KtorApplicationExtensionsTest.kt Updates Application extension test to explicitly disable protection where not under test.
kotlin-sdk-server/src/jvmTest/kotlin/io/modelcontextprotocol/kotlin/sdk/server/DnsRebindingProtectionTest.kt Adds new tests covering Host/Origin validation and extractHostname.
kotlin-sdk-server/src/commonMain/kotlin/io/modelcontextprotocol/kotlin/sdk/server/StreamableHttpServerTransport.kt Deprecates old DNS config fields and updates header validation to be port-agnostic.
kotlin-sdk-server/src/commonMain/kotlin/io/modelcontextprotocol/kotlin/sdk/server/KtorServer.kt Adds new parameters to MCP helpers and enables protection by default via the new plugin.
kotlin-sdk-server/src/commonMain/kotlin/io/modelcontextprotocol/kotlin/sdk/server/HostValidation.kt New plugin + config + hostname extraction utility + default localhost allowlist.
kotlin-sdk-server/api/kotlin-sdk-server.api Updates public API surface for new plugin/config and new MCP helper signatures.
conformance-test/src/main/kotlin/io/modelcontextprotocol/kotlin/sdk/conformance/ConformanceServer.kt Removes redundant explicit DNS settings now covered by new defaults.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Mar 30, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 68.75000% with 25 lines in your changes missing coverage. Please review.
✅ All tests successful. No failed tests found.

Files with missing lines Patch % Lines
...delcontextprotocol/kotlin/sdk/server/KtorServer.kt 51.61% 10 Missing and 5 partials ⚠️
...kotlin/sdk/server/StreamableHttpServerTransport.kt 33.33% 6 Missing ⚠️
...ontextprotocol/kotlin/sdk/server/HostValidation.kt 90.00% 0 Missing and 4 partials ⚠️

📢 Thoughts on this report? Let us know!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@devcrocod @codecov-commenter