The current implementation only allows localhost based URIs when using fixed redirect mode. However there are many legitimate cases where a user might want to proxy to an internal trusted domain rather than localhost.
For example, it may be that the user has many applications on the same trusted domain but with different URIs, each which requires MCP authentication. Having to manually register each is not ideal. This is where having a proxy from one known domain, i.e. the MCP server itself, proves useful.
I believe this is safe as long as the feature is opt-in, so that a user has to explicitly denote which domains it trusts. One way to do this is by introducing a new TrustedDomains variable for fixed redirect mode.
I have made a PR with a proposed solution here: #21
The current implementation only allows localhost based URIs when using fixed redirect mode. However there are many legitimate cases where a user might want to proxy to an internal trusted domain rather than localhost.
For example, it may be that the user has many applications on the same trusted domain but with different URIs, each which requires MCP authentication. Having to manually register each is not ideal. This is where having a proxy from one known domain, i.e. the MCP server itself, proves useful.
I believe this is safe as long as the feature is opt-in, so that a user has to explicitly denote which domains it trusts. One way to do this is by introducing a new
TrustedDomainsvariable for fixed redirect mode.I have made a PR with a proposed solution here: #21