feat: Add transport security configuration with DNS rebinding protection#144
Open
DavidFHCh wants to merge 5 commits intocrystaldba:mainfrom
Open
feat: Add transport security configuration with DNS rebinding protection#144DavidFHCh wants to merge 5 commits intocrystaldba:mainfrom
DavidFHCh wants to merge 5 commits intocrystaldba:mainfrom
Conversation
- Add --disable-dns-rebinding-protection, --allowed-hosts, --allowed-origins CLI flags - Move transport security from module-level init to main() (after argparse) - Apply transport security only for SSE and streamable-http transports (not stdio) - Env vars (POSTGRES_MCP_*) override CLI flags when both are set - Add comprehensive test suite: 10 scenarios × 2 transports = 20 tests Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2 tasks
Align with the shorter MCP_* naming convention used in the original PR. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Rename MCP_DNS_REBINDING_PROTECTION to MCP_ENABLE_DNS_REBINDING_PROTECTION - Add monkeypatch fixture to clear MCP_* env vars in tests - Remove coupling to FastMCP upstream defaults in test_default_defers_to_fastmcp - Update README with CLI flags documentation table Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
EliShteinman
added a commit
to EliShteinman/postgres-mcp
that referenced
this pull request
Feb 13, 2026
- Use MCP_ENABLE_DNS_REBINDING_PROTECTION env var name (matching upstream) - Add monkeypatch env cleanup in tests to prevent flakiness - Remove coupling to FastMCP upstream defaults in tests - Update README with CLI flags + env vars documentation table Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…hancements feat: add CLI flags and tests for transport security
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.