@mcp-abap-adt/core 7.1.3 → 7.2.1
- package/CHANGELOG.md +10 -0
- package/dist/handlers/structure/readonly/handleGetStructuresList.d.ts +5 -4
- package/dist/handlers/structure/readonly/handleGetStructuresList.d.ts.map +1 -1
- package/dist/handlers/structure/readonly/handleGetStructuresList.js +27 -25
- package/dist/handlers/structure/readonly/handleGetStructuresList.js.map +1 -1
- package/dist/lib/config/IServerConfig.d.ts +6 -0
- package/dist/lib/config/IServerConfig.d.ts.map +1 -1
- package/dist/lib/config/ServerConfigManager.d.ts.map +1 -1
- package/dist/lib/config/ServerConfigManager.js +12 -0
- package/dist/lib/config/ServerConfigManager.js.map +1 -1
- package/dist/server/SseServer.d.ts +9 -0
- package/dist/server/SseServer.d.ts.map +1 -1
- package/dist/server/SseServer.js +16 -4
- package/dist/server/SseServer.js.map +1 -1
- package/dist/server/StreamableHttpServer.d.ts +9 -0
- package/dist/server/StreamableHttpServer.d.ts.map +1 -1
- package/dist/server/StreamableHttpServer.js +15 -3
- package/dist/server/StreamableHttpServer.js.map +1 -1
- package/dist/server/dnsRebindingProtection.d.ts +21 -0
- package/dist/server/dnsRebindingProtection.d.ts.map +1 -0
- package/dist/server/dnsRebindingProtection.js +45 -0
- package/dist/server/dnsRebindingProtection.js.map +1 -0
- package/dist/server/launcher.js +6 -0
- package/dist/server/launcher.js.map +1 -1
- package/docs/configuration/YAML_CONFIG.md +12 -0
- package/docs/installation/CLINE_CONFIGURATION.md +5 -1
- package/docs/installation/INSTALLATION.md +12 -0
- package/docs/installation/platforms/INSTALL_LINUX.md +6 -0
- package/docs/installation/platforms/INSTALL_MACOS.md +6 -0
- package/docs/installation/platforms/INSTALL_WINDOWS.md +6 -0
- package/docs/user-guide/CLI_OPTIONS.md +54 -0
- package/package.json +1 -1
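--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -2,6 +2,16 @@
 
 ## [Unreleased]
 
+## [7.2.1] - 2026-06-23
+
+### Fixed
+
+- **`GetStructuresList` now returns extension (append) structures in the tree.** Calling it with just a structure name (e.g. `ZMCP_SHR_STRU`) returns a hierarchy containing both the included structure (`kind: include`) and the appending structure that `extend type <this> with …` (`kind: append`). Previously appends were missed: the where-used lookup used the default scope (some object types unselected, so the extension's type was excluded) and a fragile `displayName`/`globalType` regex. It now uses `getWhereUsedList({ enableAllTypes: true })` and the parsed references. Also removed dead `.APPEND` source-parsing (ADT never emits `.APPEND` in a structure's source — appends are separate `extend type` objects). Verified end-to-end on a real system.
+
+## [7.2.0] - 2026-06-22
+
+### Added
+
+- **DNS-rebinding protection for the HTTP/SSE transports.** `--http-allowed-hosts`/`--sse-allowed-hosts`, `--http-allowed-origins`/`--sse-allowed-origins`, and `--http-enable-dns-protection`/`--sse-enable-dns-protection` (plus the matching `MCP_HTTP_*`/`MCP_SSE_*` env vars and the `http`/`sse` `allowed-hosts`/`allowed-origins`/`enable-dns-protection` YAML keys) now take effect: when enabled with an allowlist, requests with a non-allowlisted `Host`/`Origin` header are rejected with HTTP 403. Transport-aware (http uses `http*`, sse uses `sse*`); applied in `registerRoutes` so both standalone and embedded modes are protected; `/mcp/health` is ungated. Defaults off (no-op). This is Host/Origin allowlist validation, NOT browser CORS. Values are matched exactly (Host includes port, e.g. `localhost:3000`). Implemented as own Express middleware rather than the now-deprecated SDK transport options.
+
 ## [7.1.3] - 2026-06-20
 
 > Fixes the SSE transport host/port resolution, removes a broken CLI bin entry,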
@@ -40,10 +40,11 @@ interface EmbeddedRef {
|
|
|
40
40
|
* include <name>; -> anonymous include (attribute = null)
|
|
41
41
|
* <attr> : include <name>; -> named include (attribute = <attr>)
|
|
42
42
|
* .INCLUDE <name> -> classic include
|
|
43
|
-
*
|
|
44
|
-
*
|
|
45
|
-
*
|
|
46
|
-
* `@AbapCatalog
|
|
43
|
+
* Appends are NOT in the source — an append is a separate object that
|
|
44
|
+
* `extend type <this> with …`, resolved via where-used (findExtensions), not
|
|
45
|
+
* parsed here. Plain component lines (`fld : type;`) and annotations
|
|
46
|
+
* (`@AbapCatalog…`) are NOT structure embeddings and are ignored — do NOT
|
|
47
|
+
* confuse the `@AbapCatalog.enhancement.category` annotation with an include.
|
|
47
48
|
*/
|
|
48
49
|
export declare function parseEmbeddedStructures(source: string): EmbeddedRef[];
|
|
49
50
|
export declare function handleGetStructuresList(context: HandlerContext, args: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handleGetStructuresList.d.ts","sourceRoot":"","sources":["../../../../src/handlers/structure/readonly/handleGetStructuresList.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,kCAAkC,CAAC;AAOvE,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+BlB,CAAC;AAWX,UAAU,WAAW;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,IAAI,EAAE,SAAS,GAAG,QAAQ,CAAC;CAC5B;AAED
|
|
1
|
+
{"version":3,"file":"handleGetStructuresList.d.ts","sourceRoot":"","sources":["../../../../src/handlers/structure/readonly/handleGetStructuresList.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,kCAAkC,CAAC;AAOvE,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+BlB,CAAC;AAWX,UAAU,WAAW;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,IAAI,EAAE,SAAS,GAAG,QAAQ,CAAC;CAC5B;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,MAAM,GAAG,WAAW,EAAE,CAmDrE;AAcD,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,cAAc,EACvB,IAAI,EAAE;IACJ,cAAc,EAAE,MAAM,CAAC;IACvB,OAAO,CAAC,EAAE,QAAQ,GAAG,UAAU,CAAC;IAChC,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;;;;;;GAiKF"}
|
|
@@ -41,10 +41,11 @@ exports.TOOL_DEFINITION = {
|
|
|
41
41
|
* include <name>; -> anonymous include (attribute = null)
|
|
42
42
|
* <attr> : include <name>; -> named include (attribute = <attr>)
|
|
43
43
|
* .INCLUDE <name> -> classic include
|
|
44
|
-
*
|
|
45
|
-
*
|
|
46
|
-
*
|
|
47
|
-
* `@AbapCatalog
|
|
44
|
+
* Appends are NOT in the source — an append is a separate object that
|
|
45
|
+
* `extend type <this> with …`, resolved via where-used (findExtensions), not
|
|
46
|
+
* parsed here. Plain component lines (`fld : type;`) and annotations
|
|
47
|
+
* (`@AbapCatalog…`) are NOT structure embeddings and are ignored — do NOT
|
|
48
|
+
* confuse the `@AbapCatalog.enhancement.category` annotation with an include.
|
|
48
49
|
*/
|
|
49
50
|
function parseEmbeddedStructures(source) {
|
|
50
51
|
const refs = [];
|
|
@@ -57,16 +58,11 @@ function parseEmbeddedStructures(source) {
|
|
|
57
58
|
line = line.trim();
|
|
58
59
|
if (!line || line.startsWith('@') || line.startsWith('*'))
|
|
59
60
|
continue;
|
|
60
|
-
// Classic field-list: .INCLUDE <name>
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
attribute: null,
|
|
66
|
-
kind: 'append',
|
|
67
|
-
});
|
|
68
|
-
continue;
|
|
69
|
-
}
|
|
61
|
+
// Classic field-list include: .INCLUDE <name>
|
|
62
|
+
// NOTE: appends are NOT parsed from source — ADT does not emit a `.APPEND`
|
|
63
|
+
// line in a structure's source. An append is a separate object that
|
|
64
|
+
// `extend type <this> with …`; those are resolved via where-used in
|
|
65
|
+
// findExtensions(), not here.
|
|
70
66
|
const classicInclude = line.match(/^\.include\s+([a-z0-9_/]+)/i);
|
|
71
67
|
if (classicInclude) {
|
|
72
68
|
refs.push({
|
|
@@ -158,27 +154,33 @@ async function handleGetStructuresList(context, args) {
|
|
|
158
154
|
const findExtensions = async (baseName) => {
|
|
159
155
|
if (!includeExtensions)
|
|
160
156
|
return [];
|
|
161
|
-
|
|
157
|
+
// Use getWhereUsedList with enableAllTypes: the DEFAULT where-used scope
|
|
158
|
+
// leaves some object types unselected, so an extension's type may be
|
|
159
|
+
// excluded and the search returns nothing useful. enableAllTypes selects
|
|
160
|
+
// every type, and the result is already parsed into { name, type } refs.
|
|
161
|
+
let references = [];
|
|
162
162
|
try {
|
|
163
|
-
const wu = await utils.
|
|
163
|
+
const wu = await utils.getWhereUsedList({
|
|
164
164
|
object_name: baseName,
|
|
165
165
|
object_type: 'structure',
|
|
166
|
+
enableAllTypes: true,
|
|
166
167
|
});
|
|
167
|
-
|
|
168
|
+
references = (wu?.references ?? []);
|
|
168
169
|
}
|
|
169
170
|
catch (e) {
|
|
170
171
|
logger?.warn(`where-used failed for ${baseName}: ${e?.message ?? String(e)}`);
|
|
171
172
|
return [];
|
|
172
173
|
}
|
|
173
|
-
// Candidate referencing
|
|
174
|
+
// Candidate referencing DDIC structures/tables (TABL/*), excluding self.
|
|
175
|
+
// The authoritative filter is the source check below (`extend type`).
|
|
174
176
|
const candidates = new Set();
|
|
175
|
-
for (const
|
|
176
|
-
const name =
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
177
|
+
for (const ref of references) {
|
|
178
|
+
const name = (ref.name ?? '').trim().toUpperCase();
|
|
179
|
+
if (!name || name === baseName)
|
|
180
|
+
continue;
|
|
181
|
+
if (!/^TABL\//i.test(ref.type ?? ''))
|
|
182
|
+
continue;
|
|
183
|
+
candidates.add(name);
|
|
182
184
|
}
|
|
183
185
|
const extendRe = new RegExp(`extend\\s+type\\s+${baseName.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}\\s+with`, 'i');
|
|
184
186
|
const refs = [];
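Review bot: In `findExtensions`, the `for (const ref of references)` loop runs after the try/catch, so a where-used result whose `references` is not an array, or an entry whose `name` is not a string, throws from here instead of degrading to `[]` the way a failed lookup does. Guard the shape where it is read: `references = Array.isArray(wu?.references) ? wu.references : [];` and `const name = String(ref?.name ?? '').trim().toUpperCase();`. `name === baseName` compares an upper-cased name with `baseName` as passed, which excludes self only if callers always pass upper case; that is not visible in this hunk. With `enableAllTypes: true` the candidate set can grow, and the per-candidate source check the comment refers to sits below the hunk, so a cap or a logged candidate count would help. The function body continues outside the hunk.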
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handleGetStructuresList.js","sourceRoot":"","sources":["../../../../src/handlers/structure/readonly/handleGetStructuresList.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"handleGetStructuresList.js","sourceRoot":"","sources":["../../../../src/handlers/structure/readonly/handleGetStructuresList.ts"],"names":[],"mappings":";;;AAoEA,0DAmDC;AAcD,0DAwKC;AA7SD,kDAAuD;AAEvD,8CAI4B;AAEf,QAAA,eAAe,GAAG;IAC7B,IAAI,EAAE,mBAAmB;IACzB,YAAY,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAU;IACpD,WAAW,EACT,2GAA2G;IAC7G,WAAW,EAAE;QACX,IAAI,EAAE,QAAQ;QACd,UAAU,EAAE;YACV,cAAc,EAAE;gBACd,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,wCAAwC;aACtD;YACD,OAAO,EAAE;gBACP,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,QAAQ,EAAE,UAAU,CAAC;gBAC5B,WAAW,EAAE,oDAAoD;gBACjE,OAAO,EAAE,QAAQ;aAClB;YACD,kBAAkB,EAAE;gBAClB,IAAI,EAAE,SAAS;gBACf,WAAW,EACT,0MAA0M;gBAC5M,OAAO,EAAE,IAAI;aACd;YACD,OAAO,EAAE;gBACP,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,iDAAiD;aAC/D;SACF;QACD,QAAQ,EAAE,CAAC,gBAAgB,CAAC;KAC7B;CACO,CAAC;AAiBX;;;;;;;;;;;GAWG;AACH,SAAgB,uBAAuB,CAAC,MAAc;IACpD,MAAM,IAAI,GAAkB,EAAE,CAAC;IAC/B,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEzB,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACpC,KAAK,MAAM,OAAO,IAAI,KAAK,EAAE,CAAC;QAC5B,wDAAwD;QACxD,IAAI,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QAC1C,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACnB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAEpE,8CAA8C;QAC9C,2EAA2E;QAC3E,oEAAoE;QACpE,oEAAoE;QACpE,8BAA8B;QAC9B,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACjE,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,CAAC,IAAI,CAAC;gBACR,IAAI,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;gBACrC,SAAS,EAAE,IAAI;gBACf,IAAI,EAAE,SAAS;aAChB,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QAED,uDAAuD;QACvD,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAC7B,wDAAwD,CACzD,CAAC;QACF,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,CAAC,IAAI,CAAC;gBACR,IAAI,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;gBACnC,SAAS,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;gBACxC,IAAI,EAAE,SAAS;aAChB,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QAED,kDAAkD;QAClD,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;QAChE,IAAI,UAAU,EAAE,CAAC;YACf,IAAI,CAAC,IAAI,CAAC;gBACR,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;gBA
CjC,SAAS,EAAE,IAAI;gBACf,IAAI,EAAE,SAAS;aAChB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,aAAa,CAAC,UAAe;IACpC,2DAA2D;IAC3D,MAAM,IAAI,GAAG,UAAU,EAAE,UAAU,EAAE,IAAI,IAAI,UAAU,EAAE,IAAI,CAAC;IAC9D,IAAI,IAAI,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IAC9B,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC1C,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,uBAAuB,CAC3C,OAAuB,EACvB,IAKC;IAED,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IACvC,IAAI,CAAC;QACH,MAAM,EAAE,cAAc,EAAE,OAAO,GAAG,QAAQ,EAAE,GAAG,IAAI,CAAC;QACpD,MAAM,iBAAiB,GAAG,IAAI,CAAC,kBAAkB,KAAK,KAAK,CAAC;QAC5D,IAAI,CAAC,cAAc;YACjB,OAAO,IAAA,oBAAY,EAAC,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC,CAAC;QAE/D,MAAM,MAAM,GAAG,IAAA,yBAAe,EAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QACnD,MAAM,GAAG,GAAG,MAAM,CAAC,YAAY,EAAE,CAAC;QAClC,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAG,cAAc,CAAC,WAAW,EAAE,CAAC;QAE9C;;;;WAIG;QACH,MAAM,OAAO,GAAG,KAAK,EAAE,IAAY,EAA0B,EAAE;YAC7D,IAAI,CAAC;gBACH,MAAM,EAAE,GAAG,MAAM,GAAG,CAAC,IAAI,CACvB,EAAE,aAAa,EAAE,IAAI,EAAE,EACvB,OAAgC,CACjC,CAAC;gBACF,MAAM,CAAC,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;gBAC5B,IAAI,CAAC,IAAI,IAAI;oBAAE,OAAO,CAAC,CAAC;YAC1B,CAAC;YAAC,MAAM,CAAC;gBACP,wBAAwB;YAC1B,CAAC;YACD,IAAI,CAAC;gBACH,MAAM,EAAE,GAAG,MAAM,MAAM;qBACpB,QAAQ,EAAE;qBACV,IAAI,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,OAAgC,CAAC,CAAC;gBAC/D,OAAO,aAAa,CAAC,EAAE,CAAC,CAAC;YAC3B,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC,CAAC;QAEF;;;;;;WAMG;QACH,MAAM,cAAc,GAAG,KAAK,EAAE,QAAgB,EAA0B,EAAE;YACxE,IAAI,CAAC,iBAAiB;gBAAE,OAAO,EAAE,CAAC;YAClC,yEAAyE;YACzE,qEAAqE;YACrE,yEAAyE;YACzE,yEAAyE;YACzE,IAAI,UAAU,GAA4C,EAAE,CAAC;YAC7D,IAAI,CAAC;gBACH,MAAM,EAAE,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC;oBACtC,WAAW,EAAE,QAAQ;oBACrB,WAAW,EAAE,WAAW;oBACxB,cAAc,EAAE,IAAI;iBACd,CAAC,CAAC;gBACV,UAAU,GAAG,CAAC,EAAE,EAAE,UAAU,IAAI,EAAE,CAGhC,CAAC;YACL,CAAC;YAAC,OAAO,CAAM,EAAE,CAAC;gBAChB,MAAM,EAAE,IAAI,CACV,yBAAyB,QAAQ,KAAK,CAAC,EAAE,OAA
O,IAAI,MAAM,CAAC,CAAC,CAAC,EAAE,CAChE,CAAC;gBACF,OAAO,EAAE,CAAC;YACZ,CAAC;YACD,yEAAyE;YACzE,sEAAsE;YACtE,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;YACrC,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;gBAC7B,MAAM,IAAI,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;gBACnD,IAAI,CAAC,IAAI,IAAI,IAAI,KAAK,QAAQ;oBAAE,SAAS;gBACzC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;oBAAE,SAAS;gBAC/C,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACvB,CAAC;YACD,MAAM,QAAQ,GAAG,IAAI,MAAM,CACzB,qBAAqB,QAAQ,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,UAAU,EAC9E,GAAG,CACJ,CAAC;YACF,MAAM,IAAI,GAAkB,EAAE,CAAC;YAC/B,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;gBAC9B,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;gBACjC,IAAI,IAAI,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAChC,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;gBAC7D,CAAC;YACH,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC;QAEF,sEAAsE;QACtE,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC3C,IAAI,UAAU,IAAI,IAAI,EAAE,CAAC;YACvB,OAAO,IAAA,oBAAY,EACjB,IAAI,KAAK,CAAC,6CAA6C,QAAQ,EAAE,CAAC,CACnE,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,GAAG,CAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;QAE5C,MAAM,aAAa,GAAG,KAAK,EACzB,aAAqB,EACrB,MAAc,EACY,EAAE;YAC5B,uEAAuE;YACvE,MAAM,IAAI,GAAkB;gBAC1B,GAAG,uBAAuB,CAAC,MAAM,CAAC;gBAClC,GAAG,CAAC,MAAM,cAAc,CAAC,aAAa,CAAC,CAAC;aACzC,CAAC;YACF,MAAM,QAAQ,GAAoB,EAAE,CAAC;YACrC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;gBACvB,MAAM,IAAI,GAAkB;oBAC1B,SAAS,EAAE,GAAG,CAAC,IAAI;oBACnB,SAAS,EAAE,GAAG,CAAC,SAAS;oBACxB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,QAAQ,EAAE,EAAE;iBACb,CAAC;gBAEF,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC1B,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;oBACnB,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBACpB,SAAS;gBACX,CAAC;gBACD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBAEtB,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBAC5C,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;oBACxB,IAAI,CAAC,KAAK,GAAG,6BAA6B,GAAG,CAAC,IAAI,EAAE,CAAC;gBACvD,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,QAAQ,GAAG,MAAM,aAAa,CA
AC,GAAG,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;gBAC7D,CAAC;gBAED,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtB,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC,CAAC;QAEF,MAAM,IAAI,GAAkB;YAC1B,SAAS,EAAE,QAAQ;YACnB,SAAS,EAAE,IAAI;YACf,IAAI,EAAE,MAAM;YACZ,QAAQ,EAAE,MAAM,aAAa,CAAC,QAAQ,EAAE,UAAU,CAAC;SACpD,CAAC;QAEF,OAAO,IAAA,uBAAe,EAAC;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAClB;gBACE,OAAO,EAAE,IAAI;gBACb,cAAc,EAAE,QAAQ;gBACxB,IAAI;aACL,EACD,IAAI,EACJ,CAAC,CACF;SACe,CAAC,CAAC;IACtB,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,OAAO,IAAA,oBAAY,EAAC,KAAK,CAAC,CAAC;IAC7B,CAAC;AACH,CAAC"}
|
|
@@ -48,6 +48,12 @@ export interface IServerConfig {
|
|
|
48
48
|
host?: string;
|
|
49
49
|
/** Server port */
|
|
50
50
|
port?: number;
|
|
51
|
+
/** Allowed Host header values (DNS-rebinding protection; exact, incl. port) */
|
|
52
|
+
allowedHosts?: string[];
|
|
53
|
+
/** Allowed Origin header values (DNS-rebinding protection; exact, incl. scheme) */
|
|
54
|
+
allowedOrigins?: string[];
|
|
55
|
+
/** Enable DNS-rebinding protection (requires allowedHosts and/or allowedOrigins) */
|
|
56
|
+
enableDnsRebindingProtection?: boolean;
|
|
51
57
|
/** Enable JSON response format for HTTP */
|
|
52
58
|
httpJsonResponse?: boolean;
|
|
53
59
|
/** HTTP endpoint path */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"IServerConfig.d.ts","sourceRoot":"","sources":["../../../src/lib/config/IServerConfig.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,yCAAyC;AACzC,MAAM,WAAW,SAAS;IACxB,yCAAyC;IACzC,IAAI,EAAE,MAAM,CAAC;IACb,yCAAyC;IACzC,GAAG,EAAE,MAAM,CAAC;IACZ,kDAAkD;IAClD,EAAE,CAAC,EAAE,MAAM,CAAC;CACb;AAED,4CAA4C;AAC5C,MAAM,MAAM,SAAS,GAAG,OAAO,GAAG,KAAK,GAAG,MAAM,CAAC;AAEjD,yCAAyC;AACzC,MAAM,MAAM,UAAU,GAAG,UAAU,GAAG,MAAM,GAAG,KAAK,GAAG,SAAS,CAAC;AAEjE,MAAM,WAAW,aAAa;IAK5B,wBAAwB;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,+CAA+C;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,0CAA0C;IAC1C,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,mDAAmD;IACnD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,iDAAiD;IACjD,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,2CAA2C;IAC3C,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB;;;;;OAKG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,4CAA4C;IAC5C,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,kGAAkG;IAClG,sBAAsB,CAAC,EAAE,OAAO,CAAC;IAMjC,qCAAqC;IACrC,SAAS,CAAC,EAAE,SAAS,CAAC;IACtB,8DAA8D;IAC9D,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,kBAAkB;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,kBAAkB;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"IServerConfig.d.ts","sourceRoot":"","sources":["../../../src/lib/config/IServerConfig.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,yCAAyC;AACzC,MAAM,WAAW,SAAS;IACxB,yCAAyC;IACzC,IAAI,EAAE,MAAM,CAAC;IACb,yCAAyC;IACzC,GAAG,EAAE,MAAM,CAAC;IACZ,kDAAkD;IAClD,EAAE,CAAC,EAAE,MAAM,CAAC;CACb;AAED,4CAA4C;AAC5C,MAAM,MAAM,SAAS,GAAG,OAAO,GAAG,KAAK,GAAG,MAAM,CAAC;AAEjD,yCAAyC;AACzC,MAAM,MAAM,UAAU,GAAG,UAAU,GAAG,MAAM,GAAG,KAAK,GAAG,SAAS,CAAC;AAEjE,MAAM,WAAW,aAAa;IAK5B,wBAAwB;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,+CAA+C;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,0CAA0C;IAC1C,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,mDAAmD;IACnD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,iDAAiD;IACjD,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,2CAA2C;IAC3C,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB;;;;;OAKG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,4CAA4C;IAC5C,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,kGAAkG;IAClG,sBAAsB,CAAC,EAAE,OAAO,CAAC;IAMjC,qCAAqC;IACrC,SAAS,CAAC,EAAE,SAAS,CAAC;IACtB,8DAA8D;IAC9D,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,kBAAkB;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,kBAAkB;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,+EAA+E;IAC/E,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,mFAAmF;IACnF,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,oFAAoF;IACpF,4BAA4B,CAAC,EAAE,OAAO,CAAC;IAMvC,2CAA2C;IAC3C,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,yBAAyB;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,0BAA0B;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,4BAA4B;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,2EAA2E;IAC3E,GAAG,CAAC,EAAE,SAAS,CAAC;IAMhB,6BAA6B;IAC7B,UAAU,CAAC,EAAE,UAAU,EAAE,CAAC;IAM1B,+BAA+B;IAC/B,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,iDAAiD;IACjD,cAAc,CAAC,EAAE,MAAM,GAAG,KAAK,CAAC;IAEhC,mFAAmF;IACnF,UAAU,CAAC,EAAE,QAAQ,GAAG,OAAO,GAAG,QAAQ,CAAC;IAM3C,6CAA6C;IAC7C,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,4DAA4D;IAC5D,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,gCAAgC;IAChC,MAAM,CAAC,EAAE,GAAG,CAAC;CACd"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ServerConfigManager.d.ts","sourceRoot":"","sources":["../../../src/lib/config/ServerConfigManager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,KAAK,EAAc,aAAa,EAAa,MAAM,oBAAoB,CAAC;AAQ/E,YAAY,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAMhE;;GAEG;AACH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,MAAM,CAA8B;IAM5C;;;OAGG;IACG,SAAS,IAAI,OAAO,CAAC,aAAa,CAAC;IAazC;;;OAGG;IACH,aAAa,IAAI,aAAa;IAW9B;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAwB9B;;;;OAIG;IACH,OAAO,CAAC,gBAAgB;
|
|
1
|
+
{"version":3,"file":"ServerConfigManager.d.ts","sourceRoot":"","sources":["../../../src/lib/config/ServerConfigManager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,KAAK,EAAc,aAAa,EAAa,MAAM,oBAAoB,CAAC;AAQ/E,YAAY,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAMhE;;GAEG;AACH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,MAAM,CAA8B;IAM5C;;;OAGG;IACG,SAAS,IAAI,OAAO,CAAC,aAAa,CAAC;IAazC;;;OAGG;IACH,aAAa,IAAI,aAAa;IAW9B;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAwB9B;;;;OAIG;IACH,OAAO,CAAC,gBAAgB;IA6DxB;;OAEG;IACH,OAAO,CAAC,cAAc;IAgBtB;;OAEG;IACH,OAAO,CAAC,SAAS;IAKjB;;;OAGG;IACH,OAAO,CAAC,eAAe;IAiBvB;;OAEG;IACH,MAAM,CAAC,yBAAyB,IAAI,MAAM;IAkC1C;;OAEG;IACH,MAAM,CAAC,YAAY,CAAC,kBAAkB,CAAC,EAAE,MAAM,GAAG,MAAM;CAqGzD"}
|
|
@@ -94,12 +94,24 @@ class ServerConfigManager {
|
|
|
94
94
|
const isSse = transport === 'sse';
|
|
95
95
|
const transportHost = isSse ? parsed.sseHost : parsed.httpHost;
|
|
96
96
|
const transportPort = isSse ? parsed.ssePort : parsed.httpPort;
|
|
97
|
+
const transportAllowedOrigins = isSse
|
|
98
|
+
? parsed.sseAllowedOrigins
|
|
99
|
+
: parsed.httpAllowedOrigins;
|
|
100
|
+
const transportAllowedHosts = isSse
|
|
101
|
+
? parsed.sseAllowedHosts
|
|
102
|
+
: parsed.httpAllowedHosts;
|
|
103
|
+
const transportEnableDns = isSse
|
|
104
|
+
? parsed.sseEnableDnsProtection
|
|
105
|
+
: parsed.httpEnableDnsProtection;
|
|
97
106
|
return {
|
|
98
107
|
transport: transport || 'stdio',
|
|
99
108
|
exposition: exposition.length > 0 ? exposition : ['readonly', 'high'],
|
|
100
109
|
configFile: (0, yamlConfig_js_1.parseConfigArg)(),
|
|
101
110
|
host: ArgumentsParser_js_1.ArgumentsParser.getArgument('--host') || transportHost,
|
|
102
111
|
port: this.parsePort() || transportPort,
|
|
112
|
+
allowedOrigins: transportAllowedOrigins,
|
|
113
|
+
allowedHosts: transportAllowedHosts,
|
|
114
|
+
enableDnsRebindingProtection: transportEnableDns ?? false,
|
|
103
115
|
httpJsonResponse: parsed.httpJsonResponse || undefined,
|
|
104
116
|
httpPath: ArgumentsParser_js_1.ArgumentsParser.getArgument('--path') ||
|
|
105
117
|
ArgumentsParser_js_1.ArgumentsParser.getArgument('--http-path'),
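Review bot: `enableDnsRebindingProtection: transportEnableDns ?? false` is resolved without checking that an allowlist came with it, so `--http-enable-dns-protection` on its own can leave an operator believing the transport is protected when it is not. The interface comment says the flag "requires allowedHosts and/or allowedOrigins" and the changelog describes rejection only "when enabled with an allowlist"; the middleware is not on this page, so the behaviour with empty lists is inferred. Fail startup, or at least warn, at this point: `if (transportEnableDns && !transportAllowedHosts?.length && !transportAllowedOrigins?.length) throw new Error('DNS-rebinding protection enabled without allowed hosts or origins');`. The same three options are declared on `IServerConfig` and `SseServerOptions`, whose comments should state what happens in that case. The enclosing method starts and ends outside the hunk.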
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ServerConfigManager.js","sourceRoot":"","sources":["../../../src/lib/config/ServerConfigManager.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;;AAEH,6DAAuD;AAEvD,mDAKyB;AAIzB,+EAA+E;AAC/E,qCAAqC;AACrC,+EAA+E;AAE/E;;GAEG;AACH,MAAa,mBAAmB;IACtB,MAAM,GAAyB,IAAI,CAAC;IAE5C,6EAA6E;IAC7E,oCAAoC;IACpC,6EAA6E;IAE7E;;;OAGG;IACH,KAAK,CAAC,SAAS;QACb,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QAC5B,CAAC;QAED,0CAA0C;QAC1C,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAE9B,4DAA4D;QAC5D,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtC,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;IAC5B,CAAC;IAED;;;OAGG;IACH,aAAa;QACX,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxC,CAAC;QACD,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;IAC5B,CAAC;IAED,6EAA6E;IAC7E,uCAAuC;IACvC,6EAA6E;IAE7E;;;OAGG;IACK,sBAAsB;QAC5B,MAAM,UAAU,GAAG,IAAA,8BAAc,GAAE,CAAC;QACpC,IAAI,CAAC,UAAU;YAAE,OAAO;QAExB,gDAAgD;QAChD,MAAM,iBAAiB,GAAG,IAAA,8CAA8B,EAAC,UAAU,CAAC,CAAC;QACrE,IAAI,iBAAiB,EAAE,CAAC;YACtB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,mEAAmE,CACpE,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,6CAA6C;QAC7C,MAAM,UAAU,GAAG,IAAA,8BAAc,EAAC,UAAU,CAAC,CAAC;QAC9C,IAAI,UAAU,EAAE,CAAC;YACf,IAAA,qCAAqB,EAAC,UAAU,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAED,6EAA6E;IAC7E,iCAAiC;IACjC,6EAA6E;IAE7E;;;;OAIG;IACK,gBAAgB;QACtB,2CAA2C;QAC3C,MAAM,MAAM,GAAG,oCAAe,CAAC,KAAK,EAAE,CAAC;QAEvC,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACxC,MAAM,UAAU,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QAE1C,0EAA0E;QAC1E,6EAA6E;QAC7E,4EAA4E;QAC5E,0EAA0E;QAC1E,qBAAqB;QACrB,MAAM,KAAK,GAAG,SAAS,KAAK,KAAK,CAAC;QAClC,MAAM,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC;QAC/D,MAAM,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC;
|
|
1
|
+
{"version":3,"file":"ServerConfigManager.js","sourceRoot":"","sources":["../../../src/lib/config/ServerConfigManager.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;;AAEH,6DAAuD;AAEvD,mDAKyB;AAIzB,+EAA+E;AAC/E,qCAAqC;AACrC,+EAA+E;AAE/E;;GAEG;AACH,MAAa,mBAAmB;IACtB,MAAM,GAAyB,IAAI,CAAC;IAE5C,6EAA6E;IAC7E,oCAAoC;IACpC,6EAA6E;IAE7E;;;OAGG;IACH,KAAK,CAAC,SAAS;QACb,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QAC5B,CAAC;QAED,0CAA0C;QAC1C,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAE9B,4DAA4D;QAC5D,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtC,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;IAC5B,CAAC;IAED;;;OAGG;IACH,aAAa;QACX,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxC,CAAC;QACD,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;IAC5B,CAAC;IAED,6EAA6E;IAC7E,uCAAuC;IACvC,6EAA6E;IAE7E;;;OAGG;IACK,sBAAsB;QAC5B,MAAM,UAAU,GAAG,IAAA,8BAAc,GAAE,CAAC;QACpC,IAAI,CAAC,UAAU;YAAE,OAAO;QAExB,gDAAgD;QAChD,MAAM,iBAAiB,GAAG,IAAA,8CAA8B,EAAC,UAAU,CAAC,CAAC;QACrE,IAAI,iBAAiB,EAAE,CAAC;YACtB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,mEAAmE,CACpE,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,6CAA6C;QAC7C,MAAM,UAAU,GAAG,IAAA,8BAAc,EAAC,UAAU,CAAC,CAAC;QAC9C,IAAI,UAAU,EAAE,CAAC;YACf,IAAA,qCAAqB,EAAC,UAAU,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAED,6EAA6E;IAC7E,iCAAiC;IACjC,6EAA6E;IAE7E;;;;OAIG;IACK,gBAAgB;QACtB,2CAA2C;QAC3C,MAAM,MAAM,GAAG,oCAAe,CAAC,KAAK,EAAE,CAAC;QAEvC,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACxC,MAAM,UAAU,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QAE1C,0EAA0E;QAC1E,6EAA6E;QAC7E,4EAA4E;QAC5E,0EAA0E;QAC1E,qBAAqB;QACrB,MAAM,KAAK,GAAG,SAAS,KAAK,KAAK,CAAC;QAClC,MAAM,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC;QAC/D,MAAM,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC;QAC/D,MAAM,uBAAuB,GAAG,KAAK;YACnC,CAAC,CAAC,MAAM,CAAC,iBAAiB;YAC1B,CAAC,CAAC,MAAM,CAAC,kBAAkB,CAAC;QAC9B,MAAM,qBAAqB,GAAG,KAAK;YACjC,CAAC,CAAC,MAAM,CAAC,eAAe;YACxB,CAAC,CAAC,MAAM,CAAC,gBAAgB,CAAC;QAC5B,MAAM,k
BAAkB,GAAG,KAAK;YAC9B,CAAC,CAAC,MAAM,CAAC,sBAAsB;YAC/B,CAAC,CAAC,MAAM,CAAC,uBAAuB,CAAC;QAEnC,OAAO;YACL,SAAS,EAAE,SAAS,IAAI,OAAO;YAC/B,UAAU,EAAE,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC;YACrE,UAAU,EAAE,IAAA,8BAAc,GAAE;YAC5B,IAAI,EAAE,oCAAe,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,aAAa;YAC5D,IAAI,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,aAAa;YACvC,cAAc,EAAE,uBAAuB;YACvC,YAAY,EAAE,qBAAqB;YACnC,4BAA4B,EAAE,kBAAkB,IAAI,KAAK;YACzD,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,IAAI,SAAS;YACtD,QAAQ,EACN,oCAAe,CAAC,WAAW,CAAC,QAAQ,CAAC;gBACrC,oCAAe,CAAC,WAAW,CAAC,aAAa,CAAC;YAC5C,OAAO,EAAE,oCAAe,CAAC,WAAW,CAAC,YAAY,CAAC;YAClD,QAAQ,EAAE,oCAAe,CAAC,WAAW,CAAC,aAAa,CAAC;YACpD,OAAO,EAAE,MAAM,CAAC,GAAG;YACnB,WAAW,EAAE,MAAM,CAAC,GAAG;YACvB,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,cAAc,EAAE,MAAM,CAAC,GAAG;YAC1B,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,eAAe,EAAE,MAAM,CAAC,eAAe;YACvC,sBAAsB,EAAE,MAAM,CAAC,sBAAsB;YACrD,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,GAAG,EACD,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,MAAM;gBAC7B,CAAC,CAAC;oBACE,IAAI,EAAE,MAAM,CAAC,OAAO;oBACpB,GAAG,EAAE,MAAM,CAAC,MAAM;oBAClB,EAAE,EAAE,MAAM,CAAC,KAAK;iBACjB;gBACH,CAAC,CAAC,SAAS;SAChB,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,cAAc;QACpB,gDAAgD;QAChD,MAAM,QAAQ,GAAG,oCAAe,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;QAC5D,IAAI,QAAQ,KAAK,KAAK;YAAE,OAAO,KAAK,CAAC;QACrC,IAAI,QAAQ,KAAK,MAAM,IAAI,QAAQ,KAAK,iBAAiB;YAAE,OAAO,MAAM,CAAC;QACzE,IAAI,QAAQ,KAAK,OAAO;YAAE,OAAO,OAAO,CAAC;QAEzC,iDAAiD;QACjD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;QAC3C,IAAI,QAAQ,KAAK,KAAK;YAAE,OAAO,KAAK,CAAC;QACrC,IAAI,QAAQ,KAAK,MAAM,IAAI,QAAQ,KAAK,iBAAiB;YAAE,OAAO,MAAM,CAAC;QACzE,IAAI,QAAQ,KAAK,OAAO;YAAE,OAAO,OAAO,CAAC;QAEzC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACK,SAAS;QACf,MAAM,IAAI,GAAG,oCAAe,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QACnD,OAAO,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC/C,CAAC;IAED;;;OAGG;IACK,eAAe;QACrB,MAAM,KAAK,GAAG,oCAAe,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;QAC1D,IAAI,CAAC,KAAK;YAAE,OAAO,EAAE,CAAC;QAEt
B,OAAO,KAAK;aACT,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,MAAM,CACL,CAAC,CAAC,EAAmB,EAAE,CACrB,CAAC,KAAK,UAAU,IAAI,CAAC,KAAK,MAAM,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC,KAAK,SAAS,CACrE,CAAC;IACN,CAAC;IAED,6EAA6E;IAC7E,gCAAgC;IAChC,6EAA6E;IAE7E;;OAEG;IACH,MAAM,CAAC,yBAAyB;QAC9B,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA8BV,CAAC;IACA,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,YAAY,CAAC,kBAA2B;QAC7C,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA+CT,mBAAmB,CAAC,yBAAyB,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkD/C,kBAAkB,IAAI,EAAE;CACzB,CAAC;IACA,CAAC;CACF;AAlUD,kDAkUC"}
|
|
@@ -51,6 +51,12 @@ export interface SseServerOptions {
|
|
|
51
51
|
* @default false
|
|
52
52
|
*/
|
|
53
53
|
allowDestinationHeader?: boolean;
|
|
54
|
+
/** Allowed Host header values (DNS-rebinding protection; exact, incl. port) */
|
|
55
|
+
allowedHosts?: string[];
|
|
56
|
+
/** Allowed Origin header values (DNS-rebinding protection; exact, incl. scheme) */
|
|
57
|
+
allowedOrigins?: string[];
|
|
58
|
+
/** Enable DNS-rebinding protection (requires allowedHosts and/or allowedOrigins) */
|
|
59
|
+
enableDnsRebindingProtection?: boolean;
|
|
54
60
|
}
|
|
55
61
|
/**
|
|
56
62
|
* Minimal SSE server: creates a new BaseMcpServer per GET connection, routes POST by sessionId.
|
|
@@ -74,6 +80,9 @@ export declare class SseServer {
|
|
|
74
80
|
private standaloneServer?;
|
|
75
81
|
private readonly tls?;
|
|
76
82
|
private readonly allowDestinationHeader;
|
|
83
|
+
private readonly allowedHosts?;
|
|
84
|
+
private readonly allowedOrigins?;
|
|
85
|
+
private readonly enableDnsRebindingProtection?;
|
|
77
86
|
constructor(handlersRegistry: IHandlersRegistry, authBrokerFactory: AuthBrokerFactory, opts?: SseServerOptions);
|
|
78
87
|
/**
|
|
79
88
|
* Register routes on an external HTTP application
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SseServer.d.ts","sourceRoot":"","sources":["../../src/server/SseServer.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAGnD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAC9D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,gCAAgC,CAAC;AAEhE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;
|
|
1
|
+
{"version":3,"file":"SseServer.d.ts","sourceRoot":"","sources":["../../src/server/SseServer.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAGnD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAC9D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,gCAAgC,CAAC;AAEhE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAGvE,OAAO,KAAK,EACV,gBAAgB,EAChB,wBAAwB,EACzB,MAAM,uBAAuB,CAAC;AAK/B,MAAM,WAAW,gBAAgB;IAC/B;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IACd;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IACd;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;OAIG;IACH,GAAG,CAAC,EAAE,gBAAgB,CAAC;IACvB;;OAEG;IACH,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,+EAA+E;IAC/E,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,mFAAmF;IACnF,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,oFAAoF;IACpF,4BAA4B,CAAC,EAAE,OAAO,CAAC;CACxC;AAOD;;;;;;GAMG;AACH,qBAAa,SAAS;IAkBlB,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IACjC,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAlBpC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAS;IAC9B,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAS;IAC9B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAS;IAC7C,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAmC;IAC5D,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAmB;IAChD,OAAO,CAAC,gBAAgB,CAAC,CAA2B;IACpD,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAY;IACjC,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAU;IACjD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAW;IACzC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAW;IAC3C,OAAO,CAAC,QAAQ,CAAC,4BAA4B,CAAC,CAAU;gBAGrC,gBAAgB,EAAE,iBAAiB,EACnC,iBAAiB,EAAE,iBAAiB,EACrD,IAAI,CAAC,EAAE,gBAAgB;IAiBzB;;;;;;OAMG;IACH,cAAc,CACZ,GAAG,EAAE,gBAAgB,EACrB,QAAQ,CAAC,EAAE,wBAAwB,GAClC,IAAI;IAiDP;;OAEG;IACH,UAAU,IAAI,MAAM;IAIpB;;OAEG;IACH,WAAW,IAAI,MAAM;IAIrB;;;;;OAKG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;YAmCd,SAAS;YAuGT,UAAU;IAiDxB;;OAEG;IACH,OAAO,CAAC,uBAAuB;CASh
C"}
|
package/dist/server/SseServer.js
CHANGED
|
@@ -8,6 +8,7 @@ const sse_js_1 = require("@modelcontextprotocol/sdk/server/sse.js");
|
|
|
8
8
|
const express_1 = __importDefault(require("express"));
|
|
9
9
|
const handlerLogger_js_1 = require("../lib/handlerLogger.js");
|
|
10
10
|
const BaseMcpServer_js_1 = require("./BaseMcpServer.js");
|
|
11
|
+
const dnsRebindingProtection_js_1 = require("./dnsRebindingProtection.js");
|
|
11
12
|
const tlsUtils_js_1 = require("./tlsUtils.js");
|
|
12
13
|
const DEFAULT_VERSION = process.env.npm_package_version ?? '1.0.0';
|
|
13
14
|
/**
|
|
@@ -32,6 +33,9 @@ class SseServer {
|
|
|
32
33
|
standaloneServer;
|
|
33
34
|
tls;
|
|
34
35
|
allowDestinationHeader;
|
|
36
|
+
allowedHosts;
|
|
37
|
+
allowedOrigins;
|
|
38
|
+
enableDnsRebindingProtection;
|
|
35
39
|
constructor(handlersRegistry, authBrokerFactory, opts) {
|
|
36
40
|
this.handlersRegistry = handlersRegistry;
|
|
37
41
|
this.authBrokerFactory = authBrokerFactory;
|
|
@@ -45,6 +49,9 @@ class SseServer {
|
|
|
45
49
|
this.externalApp = opts?.app;
|
|
46
50
|
this.tls = opts?.tls;
|
|
47
51
|
this.allowDestinationHeader = opts?.allowDestinationHeader ?? false;
|
|
52
|
+
this.allowedHosts = opts?.allowedHosts;
|
|
53
|
+
this.allowedOrigins = opts?.allowedOrigins;
|
|
54
|
+
this.enableDnsRebindingProtection = opts?.enableDnsRebindingProtection;
|
|
48
55
|
}
|
|
49
56
|
/**
|
|
50
57
|
* Register routes on an external HTTP application
|
|
@@ -64,13 +71,18 @@ class SseServer {
|
|
|
64
71
|
activeSessions: this.sessions.size,
|
|
65
72
|
});
|
|
66
73
|
}));
|
|
67
|
-
|
|
74
|
+
const dnsOpts = {
|
|
75
|
+
enable: this.enableDnsRebindingProtection,
|
|
76
|
+
allowedHosts: this.allowedHosts,
|
|
77
|
+
allowedOrigins: this.allowedOrigins,
|
|
78
|
+
};
|
|
79
|
+
app.get(this.ssePath, (0, dnsRebindingProtection_js_1.withDnsRebindingProtection)((async (req, res) => {
|
|
68
80
|
await this.handleGet(req, res);
|
|
69
|
-
}));
|
|
70
|
-
app.post(this.postPath, (async (req, res) => {
|
|
81
|
+
}), dnsOpts));
|
|
82
|
+
app.post(this.postPath, (0, dnsRebindingProtection_js_1.withDnsRebindingProtection)((async (req, res) => {
|
|
71
83
|
const url = new URL(req.originalUrl, `http://${req.headers.host}`);
|
|
72
84
|
await this.handlePost(req, res, url);
|
|
73
|
-
}));
|
|
85
|
+
}), dnsOpts));
|
|
74
86
|
console.error(`[SseServer] Routes registered on external app`);
|
|
75
87
|
console.error(`[SseServer] SSE endpoint: ${this.ssePath}`);
|
|
76
88
|
console.error(`[SseServer] POST endpoint: ${this.postPath}`);
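Review bot: Only the SSE GET and POST routes are wrapped with `withDnsRebindingProtection` in this hunk. The handler registered just before `dnsOpts` (the one reporting `activeSessions`) still closes with the unchanged `}));`, so it answers regardless of the Host or Origin header even when protection is enabled. That handler starts above the hunk, so only its tail is visible here. If it is meant to be covered, wrap it the same way; if it is deliberately open, say so next to `dnsOpts`, e.g. `// health route is intentionally not Host/Origin-checked`. The route-registration hunk in StreamableHttpServer.js follows the same pattern.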
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SseServer.js","sourceRoot":"","sources":["../../src/server/SseServer.ts"],"names":[],"mappings":";;;;;;AAGA,oEAA6E;AAC7E,sDAA8B;AAG9B,8DAAqD;AAErD,yDAAmD;
|
|
1
|
+
{"version":3,"file":"SseServer.js","sourceRoot":"","sources":["../../src/server/SseServer.ts"],"names":[],"mappings":";;;;;;AAGA,oEAA6E;AAC7E,sDAA8B;AAG9B,8DAAqD;AAErD,yDAAmD;AACnD,2EAAyE;AAKzE,+CAAkE;AAElE,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,OAAO,CAAC;AA+DnE;;;;;;GAMG;AACH,MAAa,SAAS;IAkBD;IACA;IAlBF,IAAI,CAAS;IACb,IAAI,CAAS;IACb,OAAO,CAAS;IAChB,QAAQ,CAAS;IACjB,kBAAkB,CAAU;IAC5B,QAAQ,GAAG,IAAI,GAAG,EAAwB,CAAC;IAC3C,MAAM,CAAS;IACf,OAAO,CAAS;IAChB,WAAW,CAAoB;IACxC,gBAAgB,CAA4B;IACnC,GAAG,CAAa;IAChB,sBAAsB,CAAU;IAChC,YAAY,CAAY;IACxB,cAAc,CAAY;IAC1B,4BAA4B,CAAW;IAExD,YACmB,gBAAmC,EACnC,iBAAoC,EACrD,IAAuB;QAFN,qBAAgB,GAAhB,gBAAgB,CAAmB;QACnC,sBAAiB,GAAjB,iBAAiB,CAAmB;QAGrD,IAAI,CAAC,IAAI,GAAG,IAAI,EAAE,IAAI,IAAI,WAAW,CAAC;QACtC,IAAI,CAAC,IAAI,GAAG,IAAI,EAAE,IAAI,IAAI,IAAI,CAAC;QAC/B,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,OAAO,IAAI,MAAM,CAAC;QACvC,IAAI,CAAC,QAAQ,GAAG,IAAI,EAAE,QAAQ,IAAI,WAAW,CAAC;QAC9C,IAAI,CAAC,kBAAkB,GAAG,IAAI,EAAE,kBAAkB,CAAC;QACnD,IAAI,CAAC,MAAM,GAAG,IAAI,EAAE,MAAM,IAAI,6BAAU,CAAC;QACzC,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,OAAO,IAAI,eAAe,CAAC;QAChD,IAAI,CAAC,WAAW,GAAG,IAAI,EAAE,GAAG,CAAC;QAC7B,IAAI,CAAC,GAAG,GAAG,IAAI,EAAE,GAAG,CAAC;QACrB,IAAI,CAAC,sBAAsB,GAAG,IAAI,EAAE,sBAAsB,IAAI,KAAK,CAAC;QACpE,IAAI,CAAC,YAAY,GAAG,IAAI,EAAE,YAAY,CAAC;QACvC,IAAI,CAAC,cAAc,GAAG,IAAI,EAAE,cAAc,CAAC;QAC3C,IAAI,CAAC,4BAA4B,GAAG,IAAI,EAAE,4BAA4B,CAAC;IACzE,CAAC;IAED;;;;;;OAMG;IACH,cAAc,CACZ,GAAqB,EACrB,QAAmC;QAEnC,6DAA6D;QAC7D,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,CAAC,IAAS,EAAE,GAAQ,EAAE,EAAE;YAC9C,GAAG,CAAC,IAAI,CAAC;gBACP,MAAM,EAAE,IAAI;gBACZ,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;gBACpC,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,SAAS,EAAE,KAAK;gBAChB,cAAc,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;aACnC,CAAC,CAAC;QACL,CAAC,CAAQ,CAAC,CAAC;QAEX,MAAM,OAAO,GAAG;YACd,MAAM,EAAE,IAAI,CAAC,4BAA4B;YACzC,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,cAAc,EAAE,IAAI,CAAC,cAAc;SACpC,CAAC;QAEF,GAAG,CAAC,GAAG,CACL,IAAI,CAAC,OAAO,EACZ,IAAA,sDAA0B,EACxB,CAAC,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YAC5B,MAAM,IAAI,CAAC,
SAAS,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACjC,CAAC,CAAQ,EACT,OAAO,CACD,CACT,CAAC;QAEF,GAAG,CAAC,IAAI,CACN,IAAI,CAAC,QAAQ,EACb,IAAA,sDAA0B,EACxB,CAAC,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YAC5B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,UAAU,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;YACnE,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;QACvC,CAAC,CAAQ,EACT,OAAO,CACD,CACT,CAAC;QAEF,OAAO,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC;QAC/D,OAAO,CAAC,KAAK,CAAC,6BAA6B,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3D,OAAO,CAAC,KAAK,CAAC,8BAA8B,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC7D,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,OAAO,CAAC,KAAK,CACX,oCAAoC,IAAI,CAAC,kBAAkB,EAAE,CAC9D,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,UAAU;QACR,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,WAAW;QACT,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,KAAK;QACT,qEAAqE;QACrE,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACtC,OAAO;QACT,CAAC;QAED,6CAA6C;QAC7C,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC;QACtB,GAAG,CAAC,GAAG,CAAC,iBAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QAExB,IAAI,CAAC,cAAc,CAAC,GAAkC,CAAC,CAAC;QAExD,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC1C,MAAM,QAAQ,GAAG,IAAA,yBAAW,EAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACvC,MAAM,MAAM,GAAG,IAAA,kCAAoB,EAAC,GAAU,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;YAC1D,IAAI,CAAC,gBAAgB,GAAG,MAAM,CAAC;YAE/B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YACpC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,EAAE;gBAC5B,OAAO,CAAC,KAAK,CACX,iCAAiC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAC1D,CAAC;gBACF,OAAO,CAAC,KAAK,CACX,6BAA6B,QAAQ,MAAM,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,CACnF,CAAC;gBACF,OAAO,CAAC,KAAK,CACX,8BAA8B,QAAQ,MAAM,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,QAAQ,EAAE,CACrF,CAAC;gBACF,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,SAAS,CAAC,GAAQ,EAAE,GAAQ;QACxC,IAAI,WAA+B,CAAC;QACpC,IAAI,MAAW,CAAC;QAEhB,oFAAoF;QACpF,MAAM,iB
AAiB,GAAG,IAAI,CAAC,sBAAsB;YACnD,CAAC,CAAC,CAAE,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAwB;gBACxD,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAwB,CAAC;YAC3D,CAAC,CAAC,SAAS,CAAC;QAEd,IAAI,iBAAiB,EAAE,CAAC;YACtB,WAAW,GAAG,iBAAiB,CAAC;YAChC,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;QAC3E,CAAC;QACD,qEAAqE;QACrE,gEAAgE;aAC3D,IAAI,IAAI,CAAC,uBAAuB,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YACnD,iEAAiE;YACjE,WAAW,GAAG,SAAS,CAAC;YACxB,MAAM,GAAG,SAAS,CAAC;QACrB,CAAC;QACD,sCAAsC;aACjC,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACjC,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC;YACtC,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;QAC3E,CAAC;QACD,sDAAsD;aACjD,CAAC;YACJ,GAAG;iBACA,MAAM,CAAC,GAAG,CAAC;iBACX,IAAI,CACH,8IAA8I,CAC/I,CAAC;YACJ,OAAO;QACT,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,wBAAwB,WAAW,IAAI,MAAM,EAAE,CAAC,CAAC;QAEnE,MAAM,aAAc,SAAQ,gCAAa;YAEpB;YACR;YACA;YAHX,YACmB,QAA2B,EACnC,UAAkB,EAClB,GAAW;gBAEpB,KAAK,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC;gBAJrD,aAAQ,GAAR,QAAQ,CAAmB;gBACnC,eAAU,GAAV,UAAU,CAAQ;gBAClB,QAAG,GAAH,GAAG,CAAQ;YAGtB,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,IAAwB,EAAE,CAAM,EAAE,IAAU;gBACrD,IAAI,IAAI,IAAI,CAAC,EAAE,CAAC;oBACd,MAAM,IAAI,CAAC,oBAAoB,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;gBAC3C,CAAC;qBAAM,IAAI,IAAI,EAAE,CAAC;oBAChB,IAAI,CAAC,+BAA+B,CAAC,IAAI,CAAC,CAAC;gBAC7C,CAAC;gBACD,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvC,CAAC;SACF;QAED,MAAM,MAAM,GAAG,IAAI,aAAa,CAC9B,IAAI,CAAC,gBAAgB,EACrB,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,OAAO,CACb,CAAC;QACF,MAAM,MAAM,CAAC,IAAI,CACf,WAAW,EACX,MAAM,EACN,IAAI,CAAC,uBAAuB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CACpE,CAAC;QAEF,MAAM,SAAS,GAAG,IAAI,2BAAkB,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC7D,MAAM,SAAS,GAAG,SAAS,CAAC,SAAS,CAAC;QAEtC,OAAO,CAAC,KAAK,CACX,6BAA6B,SAAS,oBAAoB,WAAW,EAAE,CACxE,CAAC;QACF,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,KAAK,CACX,6CAA6C,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAClE,CAAC;QAEF,+DAA+D;QAC/D,uEAAuE;
QACvE,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAChC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,yCAAyC,SAAS,EAAE,CAAC,CAAC;QAC1E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,0CAA0C,SAAS,KAAK,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACjH,CAAC;YACF,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAChC,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBACrB,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;YAClD,CAAC;YACD,OAAO;QACT,CAAC;QAED,uDAAuD;QACvD,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YACnB,OAAO,CAAC,KAAK,CAAC,6CAA6C,SAAS,EAAE,CAAC,CAAC;YACxE,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAChC,KAAK,SAAS,CAAC,KAAK,EAAE,CAAC;YACvB,KAAK,MAAM,CAAC,KAAK,EAAE,CAAC;QACtB,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,UAAU,CAAC,GAAQ,EAAE,GAAQ,EAAE,GAAS;QACpD,MAAM,SAAS,GAAG,CAAC,GAAG,EAAE,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC;YACnD,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC;YAC3B,EAAE,CAAW,CAAC;QAEhB,MAAM,SAAS,GAAG,GAAG,CAAC,IAAI,EAAE,MAA4B,CAAC;QACzD,MAAM,MAAM,GAAG,SAAS,KAAK,MAAM,CAAC;QAEpC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,KAAK,CACX,wBAAwB,SAAS,oBAAoB,IAAI,CAAC,QAAQ,CAAC,IAAI,WAAW,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CACjI,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC3C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CACX,8BAA8B,SAAS,uBAAuB,CAC/D,CAAC;YACF,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;YAC1C,OAAO;QACT,CAAC;QAED,sFAAsF;QACtF,gEAAgE;QAChE,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,KAAK,CACX,kEAAkE,SAAS,EAAE,CAC9E,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,SAAS,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YAC5D,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO,CAAC,KAAK,CACX,iDAAiD,SAAS,EAAE,CAC7D,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CACX,iCAAiC,SAAS,KAAK,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACxG,CAAC;YACF,OAAO,CAAC,KAAK,CAAC,yBAAyB
,EAAE,KAAK,CAAC,CAAC;YAChD,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBACrB,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACK,uBAAuB,CAAC,OAAY;QAC1C,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,WAAW,CAAC,CAAC;QAC5D,MAAM,UAAU,GAAG,OAAO,CAAC,iBAAiB,CAAC,IAAI,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAC5E,MAAM,YAAY,GAChB,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,OAAO,CAAC,aAAa,CAAC,CAAC;YAClD,CAAC,OAAO,CAAC,gBAAgB,CAAC,IAAI,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC;QAE3D,OAAO,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,UAAU,IAAI,YAAY,CAAC,CAAC,CAAC;IACpD,CAAC;CACF;AA3TD,8BA2TC"}
|
|
@@ -52,6 +52,12 @@ export interface StreamableHttpServerOptions {
|
|
|
52
52
|
* @default false
|
|
53
53
|
*/
|
|
54
54
|
allowDestinationHeader?: boolean;
|
|
55
|
+
/** Allowed Host header values (DNS-rebinding protection; exact, incl. port) */
|
|
56
|
+
allowedHosts?: string[];
|
|
57
|
+
/** Allowed Origin header values (DNS-rebinding protection; exact, incl. scheme) */
|
|
58
|
+
allowedOrigins?: string[];
|
|
59
|
+
/** Enable DNS-rebinding protection (requires allowedHosts and/or allowedOrigins) */
|
|
60
|
+
enableDnsRebindingProtection?: boolean;
|
|
55
61
|
}
|
|
56
62
|
/**
|
|
57
63
|
* Minimal Streamable HTTP server implementation.
|
|
@@ -75,6 +81,9 @@ export declare class StreamableHttpServer extends BaseMcpServer {
|
|
|
75
81
|
private standaloneServer?;
|
|
76
82
|
private readonly tls?;
|
|
77
83
|
private readonly allowDestinationHeader;
|
|
84
|
+
private readonly allowedHosts?;
|
|
85
|
+
private readonly allowedOrigins?;
|
|
86
|
+
private readonly enableDnsRebindingProtection?;
|
|
78
87
|
/** Per-destination lock to serialize token acquisition (prevents concurrent OAuth flows) */
|
|
79
88
|
private readonly authLocks;
|
|
80
89
|
constructor(handlersRegistry: IHandlersRegistry, authBrokerFactory: AuthBrokerFactory, opts?: StreamableHttpServerOptions);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"StreamableHttpServer.d.ts","sourceRoot":"","sources":["../../src/server/StreamableHttpServer.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAGnD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAC9D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,gCAAgC,CAAC;AAEhE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AACvE,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"StreamableHttpServer.d.ts","sourceRoot":"","sources":["../../src/server/StreamableHttpServer.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAGnD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAC9D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,gCAAgC,CAAC;AAEhE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AACvE,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,OAAO,KAAK,EACV,gBAAgB,EAChB,wBAAwB,EACzB,MAAM,uBAAuB,CAAC;AAK/B,MAAM,WAAW,2BAA2B;IAC1C;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IACd;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IACd;;;OAGG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B;;OAEG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IACd;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;OAIG;IACH,GAAG,CAAC,EAAE,gBAAgB,CAAC;IACvB;;OAEG;IACH,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,+EAA+E;IAC/E,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,mFAAmF;IACnF,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,oFAAoF;IACpF,4BAA4B,CAAC,EAAE,OAAO,CAAC;CACxC;AAED;;;;;;;;GAQG;AACH,qBAAa,oBAAqB,SAAQ,aAAa;IAkBnD,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IACjC,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAlBpC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAS;IAC9B,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAS;IAC9B,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAU;IAC7C,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAS;IAC7C,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAS;IAC9B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAmB;IAChD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,gBAAgB,CAAC,CAA2B;IACpD,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAY;IACjC,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAU;IACjD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAW;IACzC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAW;IAC3C,OAAO,CAAC,QAAQ,CAAC,4BAA4B,CAAC,CAAU;IACxD,4FAA4F;IAC5F,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAoC;gBAG3C,gBAAgB,EAAE,iBAAiB,EACnC,iBAAiB,EAAE,iBAAiB,EACrD,IAAI,CAAC,EAAE,2BAA2B;IAuBpC;;;OAGG;IACH,OAAO,CAAC,oBAAoB;IAoI5B;;;;;;OAMG;IACH,cAAc,CACZ,GAAG,EAAE,gBAAgB,EACrB,QAAQ,CAAC,EAAE,wBAAwB,GAClC,IAAI;IA2CP;;OAEG;IACH,OAAO,IAAI,MAAM;IAIjB;;;;;OAKG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAA
C;IAgC5B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAY/B,OAAO,CAAC,sBAAsB;CA0C/B"}
|
|
@@ -8,6 +8,7 @@ const streamableHttp_js_1 = require("@modelcontextprotocol/sdk/server/streamable
|
|
|
8
8
|
const express_1 = __importDefault(require("express"));
|
|
9
9
|
const handlerLogger_js_1 = require("../lib/handlerLogger.js");
|
|
10
10
|
const BaseMcpServer_js_1 = require("./BaseMcpServer.js");
|
|
11
|
+
const dnsRebindingProtection_js_1 = require("./dnsRebindingProtection.js");
|
|
11
12
|
const tlsUtils_js_1 = require("./tlsUtils.js");
|
|
12
13
|
const DEFAULT_VERSION = process.env.npm_package_version ?? '1.0.0';
|
|
13
14
|
/**
|
|
@@ -32,6 +33,9 @@ class StreamableHttpServer extends BaseMcpServer_js_1.BaseMcpServer {
|
|
|
32
33
|
standaloneServer;
|
|
33
34
|
tls;
|
|
34
35
|
allowDestinationHeader;
|
|
36
|
+
allowedHosts;
|
|
37
|
+
allowedOrigins;
|
|
38
|
+
enableDnsRebindingProtection;
|
|
35
39
|
/** Per-destination lock to serialize token acquisition (prevents concurrent OAuth flows) */
|
|
36
40
|
authLocks = new Map();
|
|
37
41
|
constructor(handlersRegistry, authBrokerFactory, opts) {
|
|
@@ -51,6 +55,9 @@ class StreamableHttpServer extends BaseMcpServer_js_1.BaseMcpServer {
|
|
|
51
55
|
this.externalApp = opts?.app;
|
|
52
56
|
this.tls = opts?.tls;
|
|
53
57
|
this.allowDestinationHeader = opts?.allowDestinationHeader ?? false;
|
|
58
|
+
this.allowedHosts = opts?.allowedHosts;
|
|
59
|
+
this.allowedOrigins = opts?.allowedOrigins;
|
|
60
|
+
this.enableDnsRebindingProtection = opts?.enableDnsRebindingProtection;
|
|
54
61
|
// Register handlers once for shared MCP server
|
|
55
62
|
this.registerHandlers(this.handlersRegistry);
|
|
56
63
|
}
|
|
@@ -180,12 +187,17 @@ class StreamableHttpServer extends BaseMcpServer_js_1.BaseMcpServer {
|
|
|
180
187
|
transport: 'http',
|
|
181
188
|
});
|
|
182
189
|
});
|
|
190
|
+
const dnsOpts = {
|
|
191
|
+
enable: this.enableDnsRebindingProtection,
|
|
192
|
+
allowedHosts: this.allowedHosts,
|
|
193
|
+
allowedOrigins: this.allowedOrigins,
|
|
194
|
+
};
|
|
183
195
|
// Only handle POST requests - GET SSE streams cause abort errors on disconnect
|
|
184
|
-
app.post(this.path, handler);
|
|
196
|
+
app.post(this.path, (0, dnsRebindingProtection_js_1.withDnsRebindingProtection)(handler, dnsOpts));
|
|
185
197
|
// Return 405 for other methods to avoid SSE stream issues
|
|
186
|
-
app.all(this.path, (_req, res) => {
|
|
198
|
+
app.all(this.path, (0, dnsRebindingProtection_js_1.withDnsRebindingProtection)((_req, res) => {
|
|
187
199
|
res.status(405).send('Method Not Allowed');
|
|
188
|
-
});
|
|
200
|
+
}, dnsOpts));
|
|
189
201
|
console.error(`[StreamableHttpServer] Routes registered on external app at ${this.path}`);
|
|
190
202
|
console.error(`[StreamableHttpServer] JSON response mode: ${this.enableJsonResponse}`);
|
|
191
203
|
if (this.defaultDestination) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"StreamableHttpServer.js","sourceRoot":"","sources":["../../src/server/StreamableHttpServer.ts"],"names":[],"mappings":";;;;;;AAGA,0FAAmG;AACnG,sDAA+D;AAG/D,8DAAqD;AAErD,yDAAmD;
|
|
1
|
+
{"version":3,"file":"StreamableHttpServer.js","sourceRoot":"","sources":["../../src/server/StreamableHttpServer.ts"],"names":[],"mappings":";;;;;;AAGA,0FAAmG;AACnG,sDAA+D;AAG/D,8DAAqD;AAErD,yDAAmD;AACnD,2EAAyE;AAKzE,+CAAkE;AAElE,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,OAAO,CAAC;AA0DnE;;;;;;;;GAQG;AACH,MAAa,oBAAqB,SAAQ,gCAAa;IAkBlC;IACA;IAlBF,IAAI,CAAS;IACb,IAAI,CAAS;IACb,kBAAkB,CAAU;IAC5B,kBAAkB,CAAU;IAC5B,IAAI,CAAS;IACb,WAAW,CAAoB;IAC/B,OAAO,CAAS;IACzB,gBAAgB,CAA4B;IACnC,GAAG,CAAa;IAChB,sBAAsB,CAAU;IAChC,YAAY,CAAY;IACxB,cAAc,CAAY;IAC1B,4BAA4B,CAAW;IACxD,4FAA4F;IAC3E,SAAS,GAAG,IAAI,GAAG,EAAyB,CAAC;IAE9D,YACmB,gBAAmC,EACnC,iBAAoC,EACrD,IAAkC;QAElC,KAAK,CAAC;YACJ,IAAI,EAAE,cAAc;YACpB,OAAO,EAAE,IAAI,EAAE,OAAO,IAAI,eAAe;YACzC,MAAM,EAAE,IAAI,EAAE,MAAM,IAAI,6BAAU;SACnC,CAAC,CAAC;QARc,qBAAgB,GAAhB,gBAAgB,CAAmB;QACnC,sBAAiB,GAAjB,iBAAiB,CAAmB;QAQrD,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,OAAO,IAAI,eAAe,CAAC;QAChD,IAAI,CAAC,IAAI,GAAG,IAAI,EAAE,IAAI,IAAI,WAAW,CAAC;QACtC,IAAI,CAAC,IAAI,GAAG,IAAI,EAAE,IAAI,IAAI,IAAI,CAAC;QAC/B,IAAI,CAAC,kBAAkB,GAAG,IAAI,EAAE,kBAAkB,IAAI,IAAI,CAAC;QAC3D,IAAI,CAAC,kBAAkB,GAAG,IAAI,EAAE,kBAAkB,CAAC;QACnD,IAAI,CAAC,IAAI,GAAG,IAAI,EAAE,IAAI,IAAI,kBAAkB,CAAC;QAC7C,IAAI,CAAC,WAAW,GAAG,IAAI,EAAE,GAAG,CAAC;QAC7B,IAAI,CAAC,GAAG,GAAG,IAAI,EAAE,GAAG,CAAC;QACrB,IAAI,CAAC,sBAAsB,GAAG,IAAI,EAAE,sBAAsB,IAAI,KAAK,CAAC;QACpE,IAAI,CAAC,YAAY,GAAG,IAAI,EAAE,YAAY,CAAC;QACvC,IAAI,CAAC,cAAc,GAAG,IAAI,EAAE,cAAc,CAAC;QAC3C,IAAI,CAAC,4BAA4B,GAAG,IAAI,EAAE,4BAA4B,CAAC;QACvE,+CAA+C;QAC/C,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IAC/C,CAAC;IAED;;;OAGG;IACK,oBAAoB;QAI1B,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;YAC3C,MAAM,QAAQ,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,aAAa,IAAI,GAAG,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;YACxE,MAAM,SAAS,GAAG,GAAG,CAAC,IAAI,EAAE,MAA4B,CAAC;YACzD,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC;YAC3B,MAAM,QAAQ,GACZ,SAAS,KAAK,YAAY;gBACxB,CAAC,CAAE,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,IAA2B;gBAChD,CAAC,CAAC,SAAS,CAAC;YAChB,MAAM,UAAU,GAAG,QAAQ;gBACzB,CAAC,CAAC,GAAG,SAAS,OAAO
,QAAQ,EAAE;gBAC/B,CAAC,CAAC,CAAC,SAAS,IAAI,SAAS,CAAC,CAAC;YAC7B,MAAM,MAAM,GAAG,SAAS,KAAK,MAAM,CAAC;YACpC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO,CAAC,KAAK,CACX,0BAA0B,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,IAAI,SAAS,QAAQ,MAAM,UAAU,QAAQ,KAAK,IAAI,GAAG,GAAG,CACzG,CAAC;YACJ,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,IAAI,CAAC,sBAAsB,EAAE,CAAC;gBAC7C,IAAI,WAA+B,CAAC;gBACpC,IAAI,MAEH,CAAC;gBAEF,oFAAoF;gBACpF,MAAM,iBAAiB,GAAG,IAAI,CAAC,sBAAsB;oBACnD,CAAC,CAAC,CAAE,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAwB;wBACxD,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAwB,CAAC;oBAC3D,CAAC,CAAC,SAAS,CAAC;gBAEd,IAAI,iBAAiB,EAAE,CAAC;oBACtB,WAAW,GAAG,iBAAiB,CAAC;oBAChC,MAAM;wBACJ,MAAM,IAAI,CAAC,iBAAiB,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;gBACpE,CAAC;gBACD,qEAAqE;gBACrE,gEAAgE;qBAC3D,IAAI,IAAI,CAAC,uBAAuB,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;oBACnD,sEAAsE;oBACtE,WAAW,GAAG,SAAS,CAAC;oBACxB,MAAM,GAAG,SAAS,CAAC;oBACnB,IAAI,CAAC,MAAM,EAAE,CAAC;wBACZ,MAAM,CAAC,qCAAqC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;oBAC5D,CAAC;gBACH,CAAC;gBACD,sCAAsC;qBACjC,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;oBACjC,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC;oBACtC,yDAAyD;oBACzD,MAAM;wBACJ,MAAM,IAAI,CAAC,iBAAiB,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;gBACpE,CAAC;gBACD,sDAAsD;qBACjD,CAAC;oBACJ,GAAG;yBACA,MAAM,CAAC,GAAG,CAAC;yBACX,IAAI,CACH,8IAA8I,CAC/I,CAAC;oBACJ,OAAO;gBACT,CAAC;gBAED,IAAI,WAAW,IAAI,CAAC,MAAM,EAAE,CAAC;oBAC3B,MAAM,IAAI,KAAK,CACb,gDAAgD,WAAW,EAAE,CAC9D,CAAC;gBACJ,CAAC;gBAED,oEAAoE;gBACpE,0DAA0D;gBAC1D,IAAI,CAAC,MAAM,IAAI,WAAW,IAAI,MAAM,EAAE,CAAC;oBACrC,oEAAoE;oBACpE,qDAAqD;oBACrD,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;oBACrD,IAAI,YAAY,EAAE,CAAC;wBACjB,MAAM,YAAY,CAAC;oBACrB,CAAC;oBACD,MAAM,WAAW,GAAG,MAAM;yBACvB,0BAA0B,CAAC,WAAW,EAAE,MAAM,CAAC;yBAC/C,OAAO,CAAC,GAAG,EAAE;wBACZ,IAAI,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,WAAW,EAAE,CAAC;4BACpD,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;wBACrC,CAAC;oBACH,CAAC,CAAC,CAAC;oBACL,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;oBAC7C,MAAM,WAAW,CAAC;gBACpB,CAAC;gBAED,MAAM,UAAU,GAAG,WAAW;oBAC5B,CAAC,CAAC,eAAe
,WAAW,EAAE;oBAC9B,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,GAAG,CAAC,OAAO,CAAC;wBACzC,CAAC,CAAC,iBAAiB;wBACnB,CAAC,CAAC,MAAM,CAAC;gBACb,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,OAAO,CAAC,KAAK,CACX,0BAA0B,UAAU,YAAY,UAAU,EAAE,CAC7D,CAAC;gBACJ,CAAC;gBAED,MAAM,SAAS,GAAG,IAAI,iDAA6B,CAAC;oBAClD,kBAAkB,EAAE,SAAS,EAAE,wCAAwC;oBACvE,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;iBAC5C,CAAC,CAAC;gBAEH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;oBACnB,KAAK,SAAS,CAAC,KAAK,EAAE,CAAC;gBACzB,CAAC,CAAC,CAAC;gBAEH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;gBAChC,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;gBAClD,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,OAAO,CAAC,KAAK,CACX,0BAA0B,UAAU,QAAQ,KAAK,IAAI,GAAG,aAAa,CACtE,CAAC;gBACJ,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CACX,0BAA0B,UAAU,QAAQ,KAAK,IAAI,GAAG,WAAW,EACnE,GAAG,CACJ,CAAC;gBACF,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;oBACrB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;gBAChD,CAAC;YACH,CAAC;QACH,CAAC,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACH,cAAc,CACZ,GAAqB,EACrB,QAAmC;QAEnC,MAAM,OAAO,GAAG,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAE5C,6DAA6D;QAC7D,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,IAAa,EAAE,GAAa,EAAE,EAAE;YACtD,GAAG,CAAC,IAAI,CAAC;gBACP,MAAM,EAAE,IAAI;gBACZ,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;gBACpC,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,SAAS,EAAE,MAAM;aAClB,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG;YACd,MAAM,EAAE,IAAI,CAAC,4BAA4B;YACzC,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,cAAc,EAAE,IAAI,CAAC,cAAc;SACpC,CAAC;QAEF,+EAA+E;QAC/E,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAA,sDAA0B,EAAC,OAAO,EAAE,OAAO,CAAQ,CAAC,CAAC;QAEzE,0DAA0D;QAC1D,GAAG,CAAC,GAAG,CACL,IAAI,CAAC,IAAI,EACT,IAAA,sDAA0B,EAAC,CAAC,IAAa,EAAE,GAAa,EAAE,EAAE;YAC1D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QAC7C,CAAC,EAAE,OAAO,CAAQ,CACnB,CAAC;QAEF,OAAO,CAAC,KAAK,CACX,+DAA+D,IAAI,CAAC,IAAI,EAAE,CAC3E,CAAC;QACF,OAAO,CAAC,KAAK,CACX,8CAA8C,IAAI,CAAC,kBAAkB,EAAE,CACxE,CAAC;QACF,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,OAAO,CAAC,KAAK,CACX,+CAA+C,IAAI,CAAC,kBA
AkB,EAAE,CACzE,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,OAAO;QACL,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,KAAK;QACT,qEAAqE;QACrE,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACtC,OAAO;QACT,CAAC;QAED,6CAA6C;QAC7C,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC;QACtB,GAAG,CAAC,GAAG,CAAC,iBAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QAExB,IAAI,CAAC,cAAc,CAAC,GAAkC,CAAC,CAAC;QAExD,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC1C,MAAM,QAAQ,GAAG,IAAA,yBAAW,EAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACvC,MAAM,MAAM,GAAG,IAAA,kCAAoB,EAAC,GAAU,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;YAC1D,IAAI,CAAC,gBAAgB,GAAG,MAAM,CAAC;YAE/B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YACpC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,EAAE;gBAC5B,OAAO,CAAC,KAAK,CACX,4CAA4C,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CACrE,CAAC;gBACF,OAAO,CAAC,KAAK,CACX,oCAAoC,QAAQ,MAAM,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CACvF,CAAC;gBACF,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,uBAAuB,CAC7B,OAAsD;QAEtD,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,WAAW,CAAC,CAAC;QAC5D,MAAM,UAAU,GAAG,OAAO,CAAC,iBAAiB,CAAC,IAAI,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAC5E,MAAM,YAAY,GAChB,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,OAAO,CAAC,aAAa,CAAC,CAAC;YAClD,CAAC,OAAO,CAAC,gBAAgB,CAAC,IAAI,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC;QAE3D,OAAO,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,UAAU,IAAI,YAAY,CAAC,CAAC,CAAC;IACpD,CAAC;IAEO,sBAAsB;QAU5B,MAAM,gBAAiB,SAAQ,gCAAa;YAEvB;YADnB,YACmB,QAA2B,EAC5C,OAAe,EACf,MAAc;gBAEd,KAAK,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;gBAJhC,aAAQ,GAAR,QAAQ,CAAmB;gBAK5C,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvC,CAAC;YAEM,0BAA0B,CAC/B,WAAmB,EACnB,MAAuE;gBAEvE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;gBAC3B,CAAC;gBACD,OAAO,IAAI,CAAC,oBAAoB,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YACxD,CAAC;YAEM,qCAAqC,CAC1C,OAAsD;gBAEtD,IAAI,CAAC,+BAA+B,CAAC,OAAO,CAAC,CAAC;YAChD,CAAC;
SACF;QACD,OAAO,IAAI,gBAAgB,CACzB,IAAI,CAAC,gBAAgB,EACrB,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,MAAM,CACZ,CAAC;IACJ,CAAC;CACF;AA9UD,oDA8UC"}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import type { NextFunction, Request, Response } from 'express';
|
|
2
|
+
export interface DnsRebindingOptions {
|
|
3
|
+
enable?: boolean;
|
|
4
|
+
/** Exact raw Host header values, including port (e.g. "localhost:3000"). */
|
|
5
|
+
allowedHosts?: string[];
|
|
6
|
+
/** Exact raw Origin header values, including scheme (e.g. "https://app.example.com"). */
|
|
7
|
+
allowedOrigins?: string[];
|
|
8
|
+
}
|
|
9
|
+
type RouteHandler = (req: Request, res: Response, next?: NextFunction) => void | Promise<void>;
|
|
10
|
+
/** Returns a 403 descriptor if the request must be rejected, else null. */
|
|
11
|
+
export declare function checkDnsRebinding(headers: {
|
|
12
|
+
host?: string;
|
|
13
|
+
origin?: string;
|
|
14
|
+
}, opts: DnsRebindingOptions): {
|
|
15
|
+
status: number;
|
|
16
|
+
body: unknown;
|
|
17
|
+
} | null;
|
|
18
|
+
/** Wrap an MCP route handler so it validates Host/Origin before delegating. */
|
|
19
|
+
export declare function withDnsRebindingProtection(handler: RouteHandler, opts: DnsRebindingOptions): RouteHandler;
|
|
20
|
+
export {};
|
|
21
|
+
//# sourceMappingURL=dnsRebindingProtection.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dnsRebindingProtection.d.ts","sourceRoot":"","sources":["../../src/server/dnsRebindingProtection.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAE/D,MAAM,WAAW,mBAAmB;IAClC,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,4EAA4E;IAC5E,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,yFAAyF;IACzF,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,KAAK,YAAY,GAAG,CAClB,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,IAAI,CAAC,EAAE,YAAY,KAChB,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAS1B,2EAA2E;AAC3E,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE;IAAE,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,EAC3C,IAAI,EAAE,mBAAmB,GACxB;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,OAAO,CAAA;CAAE,GAAG,IAAI,CAiB1C;AAED,+EAA+E;AAC/E,wBAAgB,0BAA0B,CACxC,OAAO,EAAE,YAAY,EACrB,IAAI,EAAE,mBAAmB,GACxB,YAAY,CAed"}
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.checkDnsRebinding = checkDnsRebinding;
|
|
4
|
+
exports.withDnsRebindingProtection = withDnsRebindingProtection;
|
|
5
|
+
function reject(message) {
|
|
6
|
+
return {
|
|
7
|
+
status: 403,
|
|
8
|
+
body: { jsonrpc: '2.0', error: { code: -32000, message }, id: null },
|
|
9
|
+
};
|
|
10
|
+
}
|
|
11
|
+
/** Returns a 403 descriptor if the request must be rejected, else null. */
|
|
12
|
+
function checkDnsRebinding(headers, opts) {
|
|
13
|
+
if (opts.enable !== true)
|
|
14
|
+
return null;
|
|
15
|
+
const hosts = opts.allowedHosts ?? [];
|
|
16
|
+
const origins = opts.allowedOrigins ?? [];
|
|
17
|
+
if (hosts.length > 0) {
|
|
18
|
+
const host = headers.host;
|
|
19
|
+
if (!host || !hosts.includes(host)) {
|
|
20
|
+
return reject(`Invalid Host header: ${host ?? ''}`);
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
if (origins.length > 0) {
|
|
24
|
+
const origin = headers.origin;
|
|
25
|
+
if (origin && !origins.includes(origin)) {
|
|
26
|
+
return reject(`Invalid Origin header: ${origin}`);
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
return null;
|
|
30
|
+
}
|
|
31
|
+
/** Wrap an MCP route handler so it validates Host/Origin before delegating. */
|
|
32
|
+
function withDnsRebindingProtection(handler, opts) {
|
|
33
|
+
return (req, res, next) => {
|
|
34
|
+
const rejection = checkDnsRebinding({
|
|
35
|
+
host: req.headers?.host,
|
|
36
|
+
origin: req.headers?.origin,
|
|
37
|
+
}, opts);
|
|
38
|
+
if (rejection) {
|
|
39
|
+
res.status(rejection.status).json(rejection.body);
|
|
40
|
+
return;
|
|
41
|
+
}
|
|
42
|
+
return handler(req, res, next);
|
|
43
|
+
};
|
|
44
|
+
}
|
|
45
|
+
//# sourceMappingURL=dnsRebindingProtection.js.map
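Review bot: `checkDnsRebinding` fails open when `opts.enable` is `true` but `allowedHosts` and `allowedOrigins` are both empty or unset: neither `if` block runs and the function returns `null`, so an operator who sets only the flag gets no Host or Origin validation and no sign that it is inactive. The option's doc comment in the .d.ts says the flag requires at least one list, so reject that configuration explicitly right after the two list constants, e.g. `if (hosts.length === 0 && origins.length === 0) return reject('DNS rebinding protection enabled without allowedHosts or allowedOrigins');`, or fail at startup where the config is loaded. Separately, the Origin branch lets a request with no Origin header through, so a deployment that configures only `allowedOrigins` does not check requests that omit the header. A comment on that branch should state that `allowedHosts` is the control covering those requests.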
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dnsRebindingProtection.js","sourceRoot":"","sources":["../../src/server/dnsRebindingProtection.ts"],"names":[],"mappings":";;AAwBA,8CAoBC;AAGD,gEAkBC;AAjDD,SAAS,MAAM,CAAC,OAAe;IAC7B,OAAO;QACL,MAAM,EAAE,GAAG;QACX,IAAI,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE;KACrE,CAAC;AACJ,CAAC;AAED,2EAA2E;AAC3E,SAAgB,iBAAiB,CAC/B,OAA2C,EAC3C,IAAyB;IAEzB,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACtC,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,IAAI,EAAE,CAAC;IACtC,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,IAAI,EAAE,CAAC;IAC1C,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;QAC1B,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACnC,OAAO,MAAM,CAAC,wBAAwB,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC9B,IAAI,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACxC,OAAO,MAAM,CAAC,0BAA0B,MAAM,EAAE,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,+EAA+E;AAC/E,SAAgB,0BAA0B,CACxC,OAAqB,EACrB,IAAyB;IAEzB,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACxB,MAAM,SAAS,GAAG,iBAAiB,CACjC;YACE,IAAI,EAAE,GAAG,CAAC,OAAO,EAAE,IAA0B;YAC7C,MAAM,EAAE,GAAG,CAAC,OAAO,EAAE,MAA4B;SAClD,EACD,IAAI,CACL,CAAC;QACF,IAAI,SAAS,EAAE,CAAC;YACd,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAClD,OAAO;QACT,CAAC;QACD,OAAO,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IACjC,CAAC,CAAC;AACJ,CAAC"}
|
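--- a/package/dist/server/launcher.js
+++ b/package/dist/server/launcher.js
@@ -338,6 +338,9 @@ async function main() {
 logger: loggerForTransport,
 tls: config.tls,
 allowDestinationHeader: config.allowDestinationHeader,
+allowedHosts: config.allowedHosts,
+allowedOrigins: config.allowedOrigins,
+enableDnsRebindingProtection: config.enableDnsRebindingProtection,
 });
 activeServer = server;
 await server.start();
@@ -353,6 +356,9 @@ async function main() {
 logger: loggerForTransport,
 tls: config.tls,
 allowDestinationHeader: config.allowDestinationHeader,
+allowedHosts: config.allowedHosts,
+allowedOrigins: config.allowedOrigins,
+enableDnsRebindingProtection: config.enableDnsRebindingProtection,
 });
 activeServer = server;
 await server.start();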
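Review bot: Both added option blocks in main() forward `config.enableDnsRebindingProtection` together with `config.allowedHosts` and `config.allowedOrigins` without checking that the combination is usable, while the documentation hunks later in this diff state that validation only takes effect when the flag is set and at least one list is non-empty. An operator who sets the flag but leaves both lists empty would apparently get a server that starts normally and filters nothing, which fails open; whether the server classes report this themselves is not visible here. A startup guard ahead of both constructor calls, `if (config.enableDnsRebindingProtection && !config.allowedHosts?.length && !config.allowedOrigins?.length)`, followed by a logged warning or a refusal to start, would make the misconfiguration visible. The same applies to the second hunk (new lines 359–361), and main() starts and ends outside both hunks.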
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"launcher.js","sourceRoot":"","sources":["../../src/server/launcher.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,4CAA8B;AAC9B,gDAAkC;AAClC,+CAAiC;AACjC,mDAAyD;AACzD,qDAA6D;AAC7D,+EAAyE;AACzE,8DAOyC;AACzC,yEAAoF;AAKpF,wGAAkG;AAClG,8CAGyB;AACzB,+DAAyD;AACzD,iDAA2C;AAC3C,qDAA+C;AAC/C,uEAAiE;AAEjE,MAAM,YAAY,GAAG;IACnB,IAAI,EAAE,CAAC,GAAG,IAAW,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;IAChD,IAAI,EAAE,CAAC,GAAG,IAAW,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;IAChD,KAAK,EAAE,CAAC,GAAG,IAAW,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;IACjD,KAAK,EAAE,CAAC,GAAG,IAAW,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;CAClD,CAAC;AAEF,MAAM,YAAY,GAAG;IACnB,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC;IACd,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC;IACd,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC;IACf,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC;CAChB,CAAC;AACF,MAAM,kBAAkB,GACtB,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC;AAItE,8EAA8E;AAC9E,IAAI,YAAwE,CAAC;AAE7E,SAAS,MAAM,CAAC,IAAY;IAC1B,OAAO,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;AACrC,CAAC;AAED;;;;GAIG;AACH,SAAS,+BAA+B,CAAC,WAAoB;IAC3D,IAAI,CAAC,WAAW,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAChD,OAAO;IACT,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;QAClE,MAAM,IAAI,GAAmC;YAC3C,mBAAmB;YACnB,iBAAiB;YACjB,cAAc;YACd,YAAY;YACZ,qBAAqB;YACrB,iBAAiB;SAClB,CAAC;QAEF,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;YAC1B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,EAAE,CAAC;gBAC/B,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YAC3B,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,uFAAuF;IACzF,CAAC;AACH,CAAC;AAED,SAAS,WAAW;IAClB,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;IACzE,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC,CAAC;IACzE,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IACjC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC
;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,gBAAgB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAwExB,CAAC;AAEF,SAAS,QAAQ;IACf,OAAO,CAAC,KAAK,CAAC,8BAAmB,CAAC,YAAY,CAAC,gBAAgB,CAAC,CAAC,CAAC;AACpE,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,4BAA4B;IAC5B,IAAI,MAAM,CAAC,WAAW,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QACxC,WAAW,EAAE,CAAC;IAChB,CAAC;IAED,mBAAmB;IACnB,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QACrC,QAAQ,EAAE,CAAC;QACX,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,iDAAiD;IACjD,MAAM,aAAa,GAAG,IAAI,8BAAmB,EAAE,CAAC;IAChD,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,SAAS,EAAE,CAAC;IAC/C,+BAA+B,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAEhD,0CAA0C;IAC1C,IAAI,MAAM,CAAC,cAAc,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,mBAAmB,GAAG,MAAM,CAAC,cAAc,CAAC;IAC1D,CAAC;IAED,MAAM,WAAW,GAAG;QAClB,UAAU,EAAE,SAAgB;QAC5B,MAAM,EAAE,SAAS;KACO,CAAC;IAE3B,uEAAuE;IACvE,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAC7D,IAAA,0CAAkB,EAAC,UAAU,CAAC,CAAC;IAE/B,0EAA0E;IAC1E,kEAAkE;IAClE,8DAA8D;IAC9D,MAAM,gBAAgB,GAAoB,EAAE,CAAC;IAC7C,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAChC,gBAAgB,CAAC,IAAI,CAAC,IAAI,iCAAsB,CAAC,WAAW,CAAC,CAAC,CAAC;IACjE,CAAC;IACD,IAAI,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/B,gBAAgB,CAAC,IAAI,CAAC,IAAI,gCAAqB,CAAC,WAAW,CAAC,CAAC,CAAC;IAChE,CAAC;IACD,IAAI,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACnC,gBAAgB,CAAC,IAAI,CAAC,IAAI,+BAAoB,CAAC,WAAW,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,mBAAmB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9C,KAAK,MAAM,CAAC,IAAI,gBAAgB,EAAE,CAAC;QACjC,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;YAChC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAAoB,EAAE,CAAC;IAC1C,IAAI,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QACpC,aAAa,CAAC,IAAI,CAChB,IAAI,gCAAqB,CACvB,WAAW,EACX,mBAAmB,EACnB,IAAI,iCAAsB,EAAE,CAC7B,CACF,CAAC;QACF,aAAa,CAAC,IAAI,CAAC,IAAI,8BAAmB,CAAC,WAAW,CAAC,CAAC,CAAC;IAC3D,CAAC;IACD,aAAa,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,CAAC;IACxC,yCAAyC;IACz
C,aAAa,CAAC,IAAI,CAAC,IAAI,8BAAmB,CAAC,WAAW,CAAC,CAAC,CAAC;IAEzD,MAAM,gBAAgB,GAAG,IAAI,wDAAyB,CAAC,aAAa,CAAC,CAAC;IAEtE,0CAA0C;IAC1C,MAAM,YAAY,GAAG,sCAAgB,CAAC,gBAAgB,CACpD,MAAM,EACN,kBAAkB,CACnB,CAAC;IACF,MAAM,iBAAiB,GAAG,IAAI,4BAAiB,CAAC,YAAY,CAAC,CAAC;IAE9D,8DAA8D;IAC9D,MAAM,iBAAiB,CAAC,uBAAuB,EAAE,CAAC;IAElD,uEAAuE;IACvE,MAAM,aAAa,GAAG,iBAAiB,CAAC,gBAAgB,EAAE,CAAC;IAC3D,IAAI,aAAa,EAAE,CAAC;QAClB,IAAI,CAAC;YACH,+CAA+C;YAC/C,MAAM,UAAU,GAAG,MAAM,aAAa,CAAC,mBAAmB,CACxD,MAAM,CAAC,cAAc,IAAI,SAAS,CACnC,CAAC;YAEF,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,aAAa,GAAsB;oBACvC,UAAU,EAAE,UAAU,CAAC,UAAU;oBACjC,SAAS,EAAE,UAAU,CAAC,SAAS;oBAC/B,QAAQ,EAAE,UAAU,CAAC,QAAQ;oBAC7B,QAAQ,EAAE,UAAU,CAAC,QAAQ;oBAC7B,QAAQ,EAAE,UAAU,CAAC,QAAQ;oBAC7B,QAAQ,EAAE,UAAU,CAAC,kBAAkB;iBACxC,CAAC;gBAEF,yCAAyC;gBACzC,IAAI,CAAC;oBACH,MAAM,UAAU,GAAG,MACjB,aACD,CAAC,YAAY,EAAE,sBAAsB,EAAE,CACtC,MAAM,CAAC,cAAc,IAAI,SAAS,CACnC,CAAC;oBACF,IAAI,UAAU,EAAE,CAAC;wBACf,aAAa,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC;wBACzC,aAAa,CAAC,WAAW,GAAG,UAAU,CAAC,WAAW,CAAC;wBACnD,aAAa,CAAC,eAAe,GAAG,UAAU,CAAC,eAAe,CAAC;wBAC3D,aAAa,CAAC,YAAY,GAAG,UAAU,CAAC,YAAY,CAAC;oBACvD,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,mCAAmC;gBACrC,CAAC;gBAED,mBAAmB;gBACnB,IAAI,MAAM,GAAG,SAAS,CAAC;gBACvB,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;oBAC1B,MAAM,GAAG,gBAAgB,MAAM,CAAC,cAAc,EAAE,CAAC;gBACnD,CAAC;qBAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;oBAC1B,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC;gBAC1B,CAAC;gBAED,OAAO,CAAC,KAAK,CAAC,IAAA,qCAA0B,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC,CAAC;YACnE,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,gDAAgD;YAChD,OAAO,CAAC,KAAK,CACX,iDAAiD,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAC1G,CAAC;QACJ,CAAC;IACH,CAAC;SAAM,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QACnD,6CAA6C;QAC7C,OAAO,CAAC,KAAK,CACX,8DAA8D,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,cAAc,EAAE,CACxG,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC,SAAS,KAAK,OAAO,EAAE,CAAC;QACjC,4EAA4E;QAC5E,MAAM,mBAAmB,GACvB,MAAM,CAAC,cAAc,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SA
AS,CAAC,CAAC;QACpE,MAAM,gBAAgB,GAAG,mBAAmB;YAC1C,CAAC,CAAC,MAAM,iBAAiB,CAAC,qBAAqB,CAAC,mBAAmB,CAAC;YACpE,CAAC,CAAC,SAAS,CAAC;QAEd,IAAI,MAA+B,CAAC;QACpC,IAAI,SAAiB,CAAC;QAEtB,IAAI,gBAAgB,EAAE,CAAC;YACrB,MAAM,GAAG,gBAAgB,CAAC;YAC1B,SAAS,GAAG,mBAAoB,CAAC;QACnC,CAAC;aAAM,CAAC;YACN,0DAA0D;YAC1D,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,yBAAyB,CAAC,CAAC;YACvE,MAAM,cAAc,GAAG,IAAI,kBAAkB,EAAE,CAAC;YAChD,MAAM,GAAG;gBACP,UAAU,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;oBACvB,UAAU,EAAE,cAAqB;oBACjC,MAAM,EAAE,EAAS;oBACjB,MAAM,EAAE,EAAE,GAAG,EAAE,aAAa,EAAE,QAAQ,EAAE,OAAO,EAAS;oBACxD,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC;iBACvB,CAAC;gBACF,mBAAmB,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;oBAChC,UAAU,EAAE,aAAa;oBACzB,QAAQ,EAAE,OAAO;oBACjB,QAAQ,EAAE,MAAM;oBAChB,QAAQ,EAAE,MAAM;iBACjB,CAAC;gBACF,QAAQ,EAAE,KAAK,IAAI,EAAE,CAAC,SAAS;aACzB,CAAC;YACT,SAAS,GAAG,MAAM,CAAC;YACnB,OAAO,CAAC,KAAK,CACX,oEAAoE,CACrE,CAAC;YACF,OAAO,CAAC,KAAK,CACX,8EAA8E,CAC/E,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,4BAAW,CAAC,gBAAgB,EAAE,MAAO,EAAE;YACxD,MAAM,EAAE,kBAAkB;SAC3B,CAAC,CAAC;QACH,YAAY,GAAG,MAAM,CAAC;QACtB,MAAM,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAC9B,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,SAAS,KAAK,KAAK,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,IAAI,wBAAS,CAAC,gBAAgB,EAAE,iBAAiB,EAAE;YAChE,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,kBAAkB,EAChB,MAAM,CAAC,cAAc,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YACnE,MAAM,EAAE,kBAAkB;YAC1B,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,sBAAsB,EAAE,MAAM,CAAC,sBAAsB;
|
|
1
|
+
{"version":3,"file":"launcher.js","sourceRoot":"","sources":["../../src/server/launcher.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,4CAA8B;AAC9B,gDAAkC;AAClC,+CAAiC;AACjC,mDAAyD;AACzD,qDAA6D;AAC7D,+EAAyE;AACzE,8DAOyC;AACzC,yEAAoF;AAKpF,wGAAkG;AAClG,8CAGyB;AACzB,+DAAyD;AACzD,iDAA2C;AAC3C,qDAA+C;AAC/C,uEAAiE;AAEjE,MAAM,YAAY,GAAG;IACnB,IAAI,EAAE,CAAC,GAAG,IAAW,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;IAChD,IAAI,EAAE,CAAC,GAAG,IAAW,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;IAChD,KAAK,EAAE,CAAC,GAAG,IAAW,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;IACjD,KAAK,EAAE,CAAC,GAAG,IAAW,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;CAClD,CAAC;AAEF,MAAM,YAAY,GAAG;IACnB,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC;IACd,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC;IACd,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC;IACf,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC;CAChB,CAAC;AACF,MAAM,kBAAkB,GACtB,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC;AAItE,8EAA8E;AAC9E,IAAI,YAAwE,CAAC;AAE7E,SAAS,MAAM,CAAC,IAAY;IAC1B,OAAO,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;AACrC,CAAC;AAED;;;;GAIG;AACH,SAAS,+BAA+B,CAAC,WAAoB;IAC3D,IAAI,CAAC,WAAW,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAChD,OAAO;IACT,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;QAClE,MAAM,IAAI,GAAmC;YAC3C,mBAAmB;YACnB,iBAAiB;YACjB,cAAc;YACd,YAAY;YACZ,qBAAqB;YACrB,iBAAiB;SAClB,CAAC;QAEF,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;YAC1B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,EAAE,CAAC;gBAC/B,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YAC3B,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,uFAAuF;IACzF,CAAC;AACH,CAAC;AAED,SAAS,WAAW;IAClB,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;IACzE,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC,CAAC;IACzE,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IACjC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC
;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,gBAAgB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAwExB,CAAC;AAEF,SAAS,QAAQ;IACf,OAAO,CAAC,KAAK,CAAC,8BAAmB,CAAC,YAAY,CAAC,gBAAgB,CAAC,CAAC,CAAC;AACpE,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,4BAA4B;IAC5B,IAAI,MAAM,CAAC,WAAW,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QACxC,WAAW,EAAE,CAAC;IAChB,CAAC;IAED,mBAAmB;IACnB,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QACrC,QAAQ,EAAE,CAAC;QACX,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,iDAAiD;IACjD,MAAM,aAAa,GAAG,IAAI,8BAAmB,EAAE,CAAC;IAChD,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,SAAS,EAAE,CAAC;IAC/C,+BAA+B,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAEhD,0CAA0C;IAC1C,IAAI,MAAM,CAAC,cAAc,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,mBAAmB,GAAG,MAAM,CAAC,cAAc,CAAC;IAC1D,CAAC;IAED,MAAM,WAAW,GAAG;QAClB,UAAU,EAAE,SAAgB;QAC5B,MAAM,EAAE,SAAS;KACO,CAAC;IAE3B,uEAAuE;IACvE,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAC7D,IAAA,0CAAkB,EAAC,UAAU,CAAC,CAAC;IAE/B,0EAA0E;IAC1E,kEAAkE;IAClE,8DAA8D;IAC9D,MAAM,gBAAgB,GAAoB,EAAE,CAAC;IAC7C,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAChC,gBAAgB,CAAC,IAAI,CAAC,IAAI,iCAAsB,CAAC,WAAW,CAAC,CAAC,CAAC;IACjE,CAAC;IACD,IAAI,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/B,gBAAgB,CAAC,IAAI,CAAC,IAAI,gCAAqB,CAAC,WAAW,CAAC,CAAC,CAAC;IAChE,CAAC;IACD,IAAI,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACnC,gBAAgB,CAAC,IAAI,CAAC,IAAI,+BAAoB,CAAC,WAAW,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,mBAAmB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9C,KAAK,MAAM,CAAC,IAAI,gBAAgB,EAAE,CAAC;QACjC,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;YAChC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAAoB,EAAE,CAAC;IAC1C,IAAI,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QACpC,aAAa,CAAC,IAAI,CAChB,IAAI,gCAAqB,CACvB,WAAW,EACX,mBAAmB,EACnB,IAAI,iCAAsB,EAAE,CAC7B,CACF,CAAC;QACF,aAAa,CAAC,IAAI,CAAC,IAAI,8BAAmB,CAAC,WAAW,CAAC,CAAC,CAAC;IAC3D,CAAC;IACD,aAAa,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,CAAC;IACxC,yCAAyC;IACz
C,aAAa,CAAC,IAAI,CAAC,IAAI,8BAAmB,CAAC,WAAW,CAAC,CAAC,CAAC;IAEzD,MAAM,gBAAgB,GAAG,IAAI,wDAAyB,CAAC,aAAa,CAAC,CAAC;IAEtE,0CAA0C;IAC1C,MAAM,YAAY,GAAG,sCAAgB,CAAC,gBAAgB,CACpD,MAAM,EACN,kBAAkB,CACnB,CAAC;IACF,MAAM,iBAAiB,GAAG,IAAI,4BAAiB,CAAC,YAAY,CAAC,CAAC;IAE9D,8DAA8D;IAC9D,MAAM,iBAAiB,CAAC,uBAAuB,EAAE,CAAC;IAElD,uEAAuE;IACvE,MAAM,aAAa,GAAG,iBAAiB,CAAC,gBAAgB,EAAE,CAAC;IAC3D,IAAI,aAAa,EAAE,CAAC;QAClB,IAAI,CAAC;YACH,+CAA+C;YAC/C,MAAM,UAAU,GAAG,MAAM,aAAa,CAAC,mBAAmB,CACxD,MAAM,CAAC,cAAc,IAAI,SAAS,CACnC,CAAC;YAEF,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,aAAa,GAAsB;oBACvC,UAAU,EAAE,UAAU,CAAC,UAAU;oBACjC,SAAS,EAAE,UAAU,CAAC,SAAS;oBAC/B,QAAQ,EAAE,UAAU,CAAC,QAAQ;oBAC7B,QAAQ,EAAE,UAAU,CAAC,QAAQ;oBAC7B,QAAQ,EAAE,UAAU,CAAC,QAAQ;oBAC7B,QAAQ,EAAE,UAAU,CAAC,kBAAkB;iBACxC,CAAC;gBAEF,yCAAyC;gBACzC,IAAI,CAAC;oBACH,MAAM,UAAU,GAAG,MACjB,aACD,CAAC,YAAY,EAAE,sBAAsB,EAAE,CACtC,MAAM,CAAC,cAAc,IAAI,SAAS,CACnC,CAAC;oBACF,IAAI,UAAU,EAAE,CAAC;wBACf,aAAa,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC;wBACzC,aAAa,CAAC,WAAW,GAAG,UAAU,CAAC,WAAW,CAAC;wBACnD,aAAa,CAAC,eAAe,GAAG,UAAU,CAAC,eAAe,CAAC;wBAC3D,aAAa,CAAC,YAAY,GAAG,UAAU,CAAC,YAAY,CAAC;oBACvD,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,mCAAmC;gBACrC,CAAC;gBAED,mBAAmB;gBACnB,IAAI,MAAM,GAAG,SAAS,CAAC;gBACvB,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;oBAC1B,MAAM,GAAG,gBAAgB,MAAM,CAAC,cAAc,EAAE,CAAC;gBACnD,CAAC;qBAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;oBAC1B,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC;gBAC1B,CAAC;gBAED,OAAO,CAAC,KAAK,CAAC,IAAA,qCAA0B,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC,CAAC;YACnE,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,gDAAgD;YAChD,OAAO,CAAC,KAAK,CACX,iDAAiD,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAC1G,CAAC;QACJ,CAAC;IACH,CAAC;SAAM,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QACnD,6CAA6C;QAC7C,OAAO,CAAC,KAAK,CACX,8DAA8D,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,cAAc,EAAE,CACxG,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC,SAAS,KAAK,OAAO,EAAE,CAAC;QACjC,4EAA4E;QAC5E,MAAM,mBAAmB,GACvB,MAAM,CAAC,cAAc,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SA
AS,CAAC,CAAC;QACpE,MAAM,gBAAgB,GAAG,mBAAmB;YAC1C,CAAC,CAAC,MAAM,iBAAiB,CAAC,qBAAqB,CAAC,mBAAmB,CAAC;YACpE,CAAC,CAAC,SAAS,CAAC;QAEd,IAAI,MAA+B,CAAC;QACpC,IAAI,SAAiB,CAAC;QAEtB,IAAI,gBAAgB,EAAE,CAAC;YACrB,MAAM,GAAG,gBAAgB,CAAC;YAC1B,SAAS,GAAG,mBAAoB,CAAC;QACnC,CAAC;aAAM,CAAC;YACN,0DAA0D;YAC1D,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,yBAAyB,CAAC,CAAC;YACvE,MAAM,cAAc,GAAG,IAAI,kBAAkB,EAAE,CAAC;YAChD,MAAM,GAAG;gBACP,UAAU,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;oBACvB,UAAU,EAAE,cAAqB;oBACjC,MAAM,EAAE,EAAS;oBACjB,MAAM,EAAE,EAAE,GAAG,EAAE,aAAa,EAAE,QAAQ,EAAE,OAAO,EAAS;oBACxD,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC;iBACvB,CAAC;gBACF,mBAAmB,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;oBAChC,UAAU,EAAE,aAAa;oBACzB,QAAQ,EAAE,OAAO;oBACjB,QAAQ,EAAE,MAAM;oBAChB,QAAQ,EAAE,MAAM;iBACjB,CAAC;gBACF,QAAQ,EAAE,KAAK,IAAI,EAAE,CAAC,SAAS;aACzB,CAAC;YACT,SAAS,GAAG,MAAM,CAAC;YACnB,OAAO,CAAC,KAAK,CACX,oEAAoE,CACrE,CAAC;YACF,OAAO,CAAC,KAAK,CACX,8EAA8E,CAC/E,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,4BAAW,CAAC,gBAAgB,EAAE,MAAO,EAAE;YACxD,MAAM,EAAE,kBAAkB;SAC3B,CAAC,CAAC;QACH,YAAY,GAAG,MAAM,CAAC;QACtB,MAAM,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAC9B,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,SAAS,KAAK,KAAK,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,IAAI,wBAAS,CAAC,gBAAgB,EAAE,iBAAiB,EAAE;YAChE,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,kBAAkB,EAChB,MAAM,CAAC,cAAc,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YACnE,MAAM,EAAE,kBAAkB;YAC1B,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,sBAAsB,EAAE,MAAM,CAAC,sBAAsB;YACrD,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,4BAA4B,EAAE,MAAM,CAAC,4BAA4B;SAClE,CAAC,CAAC;QACH,YAAY,GAAG,MAAM,CAAC;QACtB,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;QACrB,OAAO;IACT,CAAC;IAED,OAAO;IACP,MAAM,MAAM,GAAG,IAAI,8CAAoB,CAAC,gBAAgB,EAAE,iBAAiB,EAAE;QAC3E,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,kBAAkB,EAAE,MAAM,CAAC,gBAAgB;QAC3C,IAAI,EAAE,MAAM,CAAC,QAAQ;QACrB,kBAAkB,EAChB,MAAM,CAAC,cAAc,IAAI,CAAC,MAAM,CAAC,OAAO,CA
AC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;QACnE,MAAM,EAAE,kBAAkB;QAC1B,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,sBAAsB,EAAE,MAAM,CAAC,sBAAsB;QACrD,YAAY,EAAE,MAAM,CAAC,YAAY;QACjC,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,4BAA4B,EAAE,MAAM,CAAC,4BAA4B;KAClE,CAAC,CAAC;IACH,YAAY,GAAG,MAAM,CAAC;IACtB,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;AACvB,CAAC;AAED,KAAK,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACxB,sCAAsC;IACtC,OAAO,CAAC,KAAK,CACX,wBAAwB,EACxB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CACjD,CAAC;IACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
|
|
@@ -66,6 +66,9 @@ http:
|
|
|
66
66
|
# When using 0.0.0.0, client must provide all connection headers - server won't use default destination
|
|
67
67
|
host: 127.0.0.1
|
|
68
68
|
json-response: false
|
|
69
|
+
allowed-hosts: [] # DNS-rebinding protection: exact Host values incl. port, e.g. ["localhost:3000"]
|
|
70
|
+
allowed-origins: [] # DNS-rebinding protection: exact Origin values incl. scheme, e.g. ["https://app.example.com"]
|
|
71
|
+
enable-dns-protection: false # Enable Host/Origin allowlist validation (needs at least one list set)
|
|
69
72
|
|
|
70
73
|
# SSE (Server-Sent Events) transport options
|
|
71
74
|
sse:
|
|
@@ -73,6 +76,9 @@ sse:
|
|
|
73
76
|
# Host binding: 127.0.0.1 (default, localhost only, secure) or 0.0.0.0 (all interfaces, less secure)
|
|
74
77
|
# When using 0.0.0.0, client must provide all connection headers - server won't use default destination
|
|
75
78
|
host: 127.0.0.1
|
|
79
|
+
allowed-hosts: [] # DNS-rebinding protection: exact Host values incl. port, e.g. ["localhost:3001"]
|
|
80
|
+
allowed-origins: [] # DNS-rebinding protection: exact Origin values incl. scheme, e.g. ["https://app.example.com"]
|
|
81
|
+
enable-dns-protection: false # Enable Host/Origin allowlist validation (needs at least one list set)
|
|
76
82
|
```
|
|
77
83
|
|
|
78
84
|
## Configuration Options
|
|
@@ -97,6 +103,9 @@ sse:
|
|
|
97
103
|
| `http.port` | number | `3000` | HTTP server port |
|
|
98
104
|
| `http.host` | string | `127.0.0.1` | HTTP server host (`127.0.0.1`/`localhost` for local only, `0.0.0.0` for all interfaces) |
|
|
99
105
|
| `http.json-response` | boolean | `false` | Enable JSON response format |
|
|
106
|
+
| `http.allowed-hosts` | string[] | `[]` | DNS-rebinding protection: exact Host header values to allow, including port (e.g. `localhost:3000`). NOT browser CORS — no Access-Control-Allow-Origin headers are emitted. |
|
|
107
|
+
| `http.allowed-origins` | string[] | `[]` | DNS-rebinding protection: exact Origin header values to allow, including scheme (e.g. `https://app.example.com`). |
|
|
108
|
+
| `http.enable-dns-protection` | boolean | `false` | Enable Host/Origin allowlist validation. Required for `allowed-hosts`/`allowed-origins` to take effect; needs at least one list set. Non-allowlisted Host/Origin → HTTP 403. |
|
|
100
109
|
|
|
101
110
|
### SSE Options
|
|
102
111
|
|
|
@@ -104,6 +113,9 @@ sse:
|
|
|
104
113
|
|--------|------|---------|-------------|
|
|
105
114
|
| `sse.port` | number | `3001` | SSE server port |
|
|
106
115
|
| `sse.host` | string | `127.0.0.1` | SSE server host |
|
|
116
|
+
| `sse.allowed-hosts` | string[] | `[]` | DNS-rebinding protection: exact Host header values to allow, including port (e.g. `localhost:3001`). NOT browser CORS — no Access-Control-Allow-Origin headers are emitted. |
|
|
117
|
+
| `sse.allowed-origins` | string[] | `[]` | DNS-rebinding protection: exact Origin header values to allow, including scheme (e.g. `https://app.example.com`). |
|
|
118
|
+
| `sse.enable-dns-protection` | boolean | `false` | Enable Host/Origin allowlist validation. Required for `allowed-hosts`/`allowed-origins` to take effect; needs at least one list set. Non-allowlisted Host/Origin → HTTP 403. |
|
|
107
119
|
|
|
108
120
|
## Examples
|
|
109
121
|
|
|
@@ -458,7 +458,11 @@ Instead of command-line arguments, you can use environment variables:
|
|
|
458
458
|
|
|
459
459
|
1. **Never commit** `.env` files with credentials to git
|
|
460
460
|
2. **Use JWT authentication** for production environments
|
|
461
|
-
3. **Enable DNS protection** for HTTP/SSE servers exposed to network
|
|
461
|
+
3. **Enable DNS-rebinding protection** for HTTP/SSE servers exposed to network — use `--http-enable-dns-protection` with `--http-allowed-hosts` to restrict which Host headers are accepted. Example:
|
|
462
|
+
```bash
|
|
463
|
+
mcp-abap-adt --transport=http --http-enable-dns-protection --http-allowed-hosts=localhost:3000
|
|
464
|
+
```
|
|
465
|
+
This is Host/Origin allowlist validation, NOT browser CORS — no `Access-Control-Allow-Origin` headers are emitted. A non-allowlisted Host gets HTTP 403. The `--http-allowed-hosts` value must include the port (e.g. `localhost:3000`, not `localhost`).
|
|
462
466
|
4. **Use HTTPS** in production (configure reverse proxy)
|
|
463
467
|
|
|
464
468
|
## Next Steps
|
|
@@ -430,12 +430,18 @@ All server commands (`mcp-abap-adt`, `mcp-abap-adt --transport=http`, `mcp-abap-
|
|
|
430
430
|
- `--port=<port>` - Server port (default: 3000 for http)
|
|
431
431
|
- `--path=<path>` / `--http-path=<path>` (alias) - HTTP endpoint path (default: /mcp/stream/http)
|
|
432
432
|
- `--http-json-response` - Enable JSON response format
|
|
433
|
+
- `--http-allowed-hosts=<list>` - Comma-separated exact Host header values for DNS-rebinding protection (includes port, e.g. `localhost:3000`)
|
|
434
|
+
- `--http-allowed-origins=<list>` - Comma-separated exact Origin header values for DNS-rebinding protection (includes scheme, e.g. `https://app.example.com`)
|
|
435
|
+
- `--http-enable-dns-protection` - Enable Host/Origin allowlist validation (NOT browser CORS — no Access-Control-Allow-Origin headers are emitted); needs at least one list set; non-allowlisted Host/Origin → HTTP 403
|
|
433
436
|
|
|
434
437
|
**SSE Server Options (for `mcp-abap-adt --transport=sse`):**
|
|
435
438
|
- `--host=<host>` - Server host (default: 127.0.0.1; use 0.0.0.0 for all interfaces)
|
|
436
439
|
- `--port=<port>` - Server port (default: 3001 for sse)
|
|
437
440
|
- `--sse-path=<path>` - SSE connection path (default: /sse)
|
|
438
441
|
- `--post-path=<path>` - SSE message post path (default: /messages)
|
|
442
|
+
- `--sse-allowed-hosts=<list>` - Comma-separated exact Host header values for DNS-rebinding protection (includes port, e.g. `localhost:3001`)
|
|
443
|
+
- `--sse-allowed-origins=<list>` - Comma-separated exact Origin header values for DNS-rebinding protection (includes scheme, e.g. `https://app.example.com`)
|
|
444
|
+
- `--sse-enable-dns-protection` - Enable Host/Origin allowlist validation (NOT browser CORS — no Access-Control-Allow-Origin headers are emitted); needs at least one list set; non-allowlisted Host/Origin → HTTP 403
|
|
439
445
|
|
|
440
446
|
**Environment Variables:**
|
|
441
447
|
|
|
@@ -447,8 +453,14 @@ You can also configure the server using environment variables.
|
|
|
447
453
|
- `MCP_TRANSPORT` - Default transport type (stdio|http|sse)
|
|
448
454
|
- `MCP_HTTP_PORT` - Default HTTP port
|
|
449
455
|
- `MCP_HTTP_HOST` - Default HTTP host (default: 127.0.0.1)
|
|
456
|
+
- `MCP_HTTP_ALLOWED_HOSTS` - Comma-separated exact Host header values (DNS-rebinding protection; includes port, e.g. `localhost:3000`)
|
|
457
|
+
- `MCP_HTTP_ALLOWED_ORIGINS` - Comma-separated exact Origin header values (DNS-rebinding protection; includes scheme)
|
|
458
|
+
- `MCP_HTTP_ENABLE_DNS_PROTECTION` - Enable HTTP Host/Origin allowlist validation (true|false; NOT browser CORS — no Access-Control-Allow-Origin headers are emitted)
|
|
450
459
|
- `MCP_SSE_PORT` - Default SSE port
|
|
451
460
|
- `MCP_SSE_HOST` - Default SSE host (default: 127.0.0.1)
|
|
461
|
+
- `MCP_SSE_ALLOWED_HOSTS` - Comma-separated exact Host header values (DNS-rebinding protection; includes port, e.g. `localhost:3001`)
|
|
462
|
+
- `MCP_SSE_ALLOWED_ORIGINS` - Comma-separated exact Origin header values (DNS-rebinding protection; includes scheme)
|
|
463
|
+
- `MCP_SSE_ENABLE_DNS_PROTECTION` - Enable SSE Host/Origin allowlist validation (true|false; NOT browser CORS — no Access-Control-Allow-Origin headers are emitted)
|
|
452
464
|
- `MCP_UNSAFE` - Disable connection validation (true|false)
|
|
453
465
|
- `MCP_USE_AUTH_BROKER` - Force auth-broker usage (true|false)
|
|
454
466
|
- `MCP_BROWSER` - Browser for OAuth2 flow (e.g., chrome, firefox)
|
|
@@ -370,6 +370,9 @@ mcp-abap-adt --transport=streamable-http --port=8080
|
|
|
370
370
|
- `--host=<host>` - Server host (default: 127.0.0.1; use 0.0.0.0 for all interfaces)
|
|
371
371
|
- `--port=<port>` - Server port (default: 3000 for http)
|
|
372
372
|
- `--path=<path>` (alias `--http-path=<path>`) - HTTP endpoint path (default: /mcp/stream/http)
|
|
373
|
+
- `--http-allowed-hosts=<list>` - Comma-separated exact Host header values for DNS-rebinding protection (includes port, e.g. `localhost:3000`)
|
|
374
|
+
- `--http-allowed-origins=<list>` - Comma-separated exact Origin header values for DNS-rebinding protection (includes scheme, e.g. `https://app.example.com`)
|
|
375
|
+
- `--http-enable-dns-protection` - Enable Host/Origin allowlist validation (NOT browser CORS — no Access-Control-Allow-Origin headers are emitted); non-allowlisted Host/Origin → HTTP 403
|
|
373
376
|
|
|
374
377
|
**Example with custom port:**
|
|
375
378
|
```bash
|
|
@@ -426,6 +429,9 @@ mcp-abap-adt --transport=sse --port=3001 --env=/path/to/your/e19.env
|
|
|
426
429
|
- `--sse-path=<path>` - SSE connection path (default: /sse)
|
|
427
430
|
- `--post-path=<path>` - SSE message post path (default: /messages)
|
|
428
431
|
- `--env=PATH` - Path to `.env` file (required for SSE mode)
|
|
432
|
+
- `--sse-allowed-hosts=<list>` - Comma-separated exact Host header values for DNS-rebinding protection (includes port, e.g. `localhost:3001`)
|
|
433
|
+
- `--sse-allowed-origins=<list>` - Comma-separated exact Origin header values for DNS-rebinding protection (includes scheme, e.g. `https://app.example.com`)
|
|
434
|
+
- `--sse-enable-dns-protection` - Enable Host/Origin allowlist validation (NOT browser CORS — no Access-Control-Allow-Origin headers are emitted); non-allowlisted Host/Origin → HTTP 403
|
|
429
435
|
|
|
430
436
|
**Example with custom port and host:**
|
|
431
437
|
```bash
|
|
@@ -315,6 +315,9 @@ mcp-abap-adt --transport=streamable-http --port=8080
|
|
|
315
315
|
- `--host=<host>` - Server host (default: 127.0.0.1; use 0.0.0.0 for all interfaces)
|
|
316
316
|
- `--port=<port>` - Server port (default: 3000 for http)
|
|
317
317
|
- `--path=<path>` (alias `--http-path=<path>`) - HTTP endpoint path (default: /mcp/stream/http)
|
|
318
|
+
- `--http-allowed-hosts=<list>` - Comma-separated exact Host header values for DNS-rebinding protection (includes port, e.g. `localhost:3000`)
|
|
319
|
+
- `--http-allowed-origins=<list>` - Comma-separated exact Origin header values for DNS-rebinding protection (includes scheme, e.g. `https://app.example.com`)
|
|
320
|
+
- `--http-enable-dns-protection` - Enable Host/Origin allowlist validation (NOT browser CORS — no Access-Control-Allow-Origin headers are emitted); non-allowlisted Host/Origin → HTTP 403
|
|
318
321
|
|
|
319
322
|
**Example with custom port:**
|
|
320
323
|
```bash
|
|
@@ -371,6 +374,9 @@ mcp-abap-adt --transport=sse --port=3001 --env=/path/to/your/e19.env
|
|
|
371
374
|
- `--sse-path=<path>` - SSE connection path (default: /sse)
|
|
372
375
|
- `--post-path=<path>` - SSE message post path (default: /messages)
|
|
373
376
|
- `--env=PATH` - Path to `.env` file (required for SSE mode)
|
|
377
|
+
- `--sse-allowed-hosts=<list>` - Comma-separated exact Host header values for DNS-rebinding protection (includes port, e.g. `localhost:3001`)
|
|
378
|
+
- `--sse-allowed-origins=<list>` - Comma-separated exact Origin header values for DNS-rebinding protection (includes scheme, e.g. `https://app.example.com`)
|
|
379
|
+
- `--sse-enable-dns-protection` - Enable Host/Origin allowlist validation (NOT browser CORS — no Access-Control-Allow-Origin headers are emitted); non-allowlisted Host/Origin → HTTP 403
|
|
374
380
|
|
|
375
381
|
**Example with custom port and host:**
|
|
376
382
|
```bash
|
|
@@ -324,6 +324,9 @@ mcp-abap-adt --transport=streamable-http --port=8080
|
|
|
324
324
|
- `--host=<host>` - Server host (default: 127.0.0.1; use 0.0.0.0 for all interfaces)
|
|
325
325
|
- `--port=<port>` - Server port (default: 3000 for http)
|
|
326
326
|
- `--path=<path>` (alias `--http-path=<path>`) - HTTP endpoint path (default: /mcp/stream/http)
|
|
327
|
+
- `--http-allowed-hosts=<list>` - Comma-separated exact Host header values for DNS-rebinding protection (includes port, e.g. `localhost:3000`)
|
|
328
|
+
- `--http-allowed-origins=<list>` - Comma-separated exact Origin header values for DNS-rebinding protection (includes scheme, e.g. `https://app.example.com`)
|
|
329
|
+
- `--http-enable-dns-protection` - Enable Host/Origin allowlist validation (NOT browser CORS — no Access-Control-Allow-Origin headers are emitted); non-allowlisted Host/Origin → HTTP 403
|
|
327
330
|
|
|
328
331
|
**Example with custom port:**
|
|
329
332
|
```powershell
|
|
@@ -380,6 +383,9 @@ mcp-abap-adt --transport=sse --port=3001 --env=C:\\path\\to\\your\\e19.env
|
|
|
380
383
|
- `--sse-path=<path>` - SSE connection path (default: /sse)
|
|
381
384
|
- `--post-path=<path>` - SSE message post path (default: /messages)
|
|
382
385
|
- `--env=PATH` - Path to `.env` file (required for SSE mode)
|
|
386
|
+
- `--sse-allowed-hosts=<list>` - Comma-separated exact Host header values for DNS-rebinding protection (includes port, e.g. `localhost:3001`)
|
|
387
|
+
- `--sse-allowed-origins=<list>` - Comma-separated exact Origin header values for DNS-rebinding protection (includes scheme, e.g. `https://app.example.com`)
|
|
388
|
+
- `--sse-enable-dns-protection` - Enable Host/Origin allowlist validation (NOT browser CORS — no Access-Control-Allow-Origin headers are emitted); non-allowlisted Host/Origin → HTTP 403
|
|
383
389
|
|
|
384
390
|
**Example with custom port and host:**
|
|
385
391
|
```powershell
|
|
@@ -278,6 +278,30 @@ Enable JSON response format.
|
|
|
278
278
|
mcp-abap-adt --transport=http --http-json-response
|
|
279
279
|
```
|
|
280
280
|
|
|
281
|
+
### DNS-Rebinding Protection (HTTP)
|
|
282
|
+
|
|
283
|
+
DNS-rebinding protection (Host + Origin allowlist; NOT browser CORS — no Access-Control-Allow-Origin headers are emitted):
|
|
284
|
+
|
|
285
|
+
- `--http-allowed-hosts=<list>` Comma-separated exact Host header values to allow,
|
|
286
|
+
including port (e.g. `localhost:3000`).
|
|
287
|
+
- `--http-allowed-origins=<list>` Comma-separated exact Origin header values to allow,
|
|
288
|
+
including scheme (e.g. `https://app.example.com`).
|
|
289
|
+
- `--http-enable-dns-protection` Enable validation. Required for the allowlists to take
|
|
290
|
+
effect; needs at least one of the two lists set.
|
|
291
|
+
A non-allowlisted Host/Origin gets HTTP 403.
|
|
292
|
+
|
|
293
|
+
Only effective when `--http-enable-dns-protection` is set AND at least one allowlist is non-empty.
|
|
294
|
+
Env vars: `MCP_HTTP_ALLOWED_HOSTS`, `MCP_HTTP_ALLOWED_ORIGINS`, `MCP_HTTP_ENABLE_DNS_PROTECTION`.
|
|
295
|
+
YAML keys: `http.allowed-hosts`, `http.allowed-origins`, `http.enable-dns-protection`.
|
|
296
|
+
|
|
297
|
+
```bash
|
|
298
|
+
# Enable DNS-rebinding protection for HTTP transport
|
|
299
|
+
mcp-abap-adt --transport=http \
|
|
300
|
+
--http-enable-dns-protection \
|
|
301
|
+
--http-allowed-hosts=localhost:3000 \
|
|
302
|
+
--http-allowed-origins=https://app.example.com
|
|
303
|
+
```
|
|
304
|
+
|
|
281
305
|
### Complete HTTP Example
|
|
282
306
|
|
|
283
307
|
```bash
|
|
@@ -338,6 +362,30 @@ SSE message post path (default: /messages).
|
|
|
338
362
|
mcp-abap-adt --transport=sse --sse-path=/sse --post-path=/messages
|
|
339
363
|
```
|
|
340
364
|
|
|
365
|
+
### DNS-Rebinding Protection (SSE)
|
|
366
|
+
|
|
367
|
+
DNS-rebinding protection (Host + Origin allowlist; NOT browser CORS — no Access-Control-Allow-Origin headers are emitted):
|
|
368
|
+
|
|
369
|
+
- `--sse-allowed-hosts=<list>` Comma-separated exact Host header values to allow,
|
|
370
|
+
including port (e.g. `localhost:3001`).
|
|
371
|
+
- `--sse-allowed-origins=<list>` Comma-separated exact Origin header values to allow,
|
|
372
|
+
including scheme (e.g. `https://app.example.com`).
|
|
373
|
+
- `--sse-enable-dns-protection` Enable validation. Required for the allowlists to take
|
|
374
|
+
effect; needs at least one of the two lists set.
|
|
375
|
+
A non-allowlisted Host/Origin gets HTTP 403.
|
|
376
|
+
|
|
377
|
+
Only effective when `--sse-enable-dns-protection` is set AND at least one allowlist is non-empty.
|
|
378
|
+
Env vars: `MCP_SSE_ALLOWED_HOSTS`, `MCP_SSE_ALLOWED_ORIGINS`, `MCP_SSE_ENABLE_DNS_PROTECTION`.
|
|
379
|
+
YAML keys: `sse.allowed-hosts`, `sse.allowed-origins`, `sse.enable-dns-protection`.
|
|
380
|
+
|
|
381
|
+
```bash
|
|
382
|
+
# Enable DNS-rebinding protection for SSE transport
|
|
383
|
+
mcp-abap-adt --transport=sse \
|
|
384
|
+
--sse-enable-dns-protection \
|
|
385
|
+
--sse-allowed-hosts=localhost:3001 \
|
|
386
|
+
--sse-allowed-origins=https://app.example.com
|
|
387
|
+
```
|
|
388
|
+
|
|
341
389
|
### Complete SSE Example
|
|
342
390
|
|
|
343
391
|
```bash
|
|
@@ -366,11 +414,17 @@ Alternative to command line arguments. Environment variables can be set in shell
|
|
|
366
414
|
- `MCP_HTTP_PORT` - Default HTTP port
|
|
367
415
|
- `MCP_HTTP_HOST` - Default HTTP host (default: 127.0.0.1)
|
|
368
416
|
- `MCP_HTTP_ENABLE_JSON_RESPONSE` - Enable JSON responses (true|false)
|
|
417
|
+
- `MCP_HTTP_ALLOWED_HOSTS` - Comma-separated exact Host header values (DNS-rebinding protection; includes port, e.g. `localhost:3000`)
|
|
418
|
+
- `MCP_HTTP_ALLOWED_ORIGINS` - Comma-separated exact Origin header values (DNS-rebinding protection; includes scheme, e.g. `https://app.example.com`)
|
|
419
|
+
- `MCP_HTTP_ENABLE_DNS_PROTECTION` - Enable Host/Origin allowlist validation (true|false; NOT browser CORS — no Access-Control-Allow-Origin headers are emitted)
|
|
369
420
|
|
|
370
421
|
### SSE Transport
|
|
371
422
|
|
|
372
423
|
- `MCP_SSE_PORT` - Default SSE port
|
|
373
424
|
- `MCP_SSE_HOST` - Default SSE host
|
|
425
|
+
- `MCP_SSE_ALLOWED_HOSTS` - Comma-separated exact Host header values (DNS-rebinding protection; includes port, e.g. `localhost:3001`)
|
|
426
|
+
- `MCP_SSE_ALLOWED_ORIGINS` - Comma-separated exact Origin header values (DNS-rebinding protection; includes scheme, e.g. `https://app.example.com`)
|
|
427
|
+
- `MCP_SSE_ENABLE_DNS_PROTECTION` - Enable Host/Origin allowlist validation (true|false; NOT browser CORS — no Access-Control-Allow-Origin headers are emitted)
|
|
374
428
|
|
|
375
429
|
### SAP Connection
|
|
376
430
|
|