cscott/knowledge-mcp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(security): allow in-cluster service hosts for FastMCP transport validation

Browse Source
This commit is contained in:
ClawdBot
2026-02-19 09:58:27 +11:00
parent ab5041d4ec
commit 756ed24bfc
1 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
server.py
View File

@@ -1,6 +1,7 @@
import os import os
import httpx import httpx
from mcp.server.fastmcp import FastMCP from mcp.server.fastmcp import FastMCP
from mcp.server.transport_security import TransportSecuritySettings
import psycopg import psycopg
from pgvector.psycopg import register_vector from pgvector.psycopg import register_vector
import uuid import uuid
@@ -16,7 +17,23 @@ EMBEDDING_DIM = 768 # BAAI/bge-base-en-v1.5
# Initialize # Initialize
logging.basicConfig(level=logging.INFO) logging.basicConfig(level=logging.INFO)
mcp = FastMCP("knowledge-mcp") mcp = FastMCP(
"knowledge-mcp",
host="0.0.0.0",
port=8000,
sse_path="/sse",
transport_security=TransportSecuritySettings(
enable_dns_rebinding_protection=True,
allowed_hosts=[
"localhost:*",
"127.0.0.1:*",
"knowledge-mcp:*",
"knowledge-mcp.knowledge-mcp.svc:*",
"knowledge-mcp.knowledge-mcp.svc.cluster.local:*",
],
allowed_origins=[],
),
)
@contextmanager @contextmanager
def get_db(init=False): def get_db(init=False):