Skip to content

Commit 7a54cd3

Browse files
Address code review feedback
- Tighten DNS rebinding protection to only exact matches for localhost and 127.0.0.1 - Improve pragma comment to explain SEP-1330 backward compatibility requirement Co-authored-by: eiriktsarpalis <2813363+eiriktsarpalis@users.noreply.github.com>
1 parent 007a543 commit 7a54cd3

File tree

2 files changed

+4
-4
lines changed

2 files changed

+4
-4
lines changed

tests/ModelContextProtocol.ConformanceServer/Program.cs

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -101,9 +101,8 @@ public static async Task MainAsync(string[] args, ILoggerProvider? loggerProvide
101101
var hostHeader = port.HasValue ? $"{host}:{port.Value}" : host;
102102

103103
// Allow localhost and 127.0.0.1 on any port for conformance testing
104-
// In production, this should be more restrictive
105-
var allowed = host == "localhost" || host == "127.0.0.1" ||
106-
host.StartsWith("localhost.") || host.StartsWith("127.0.0.1.");
104+
// In production, this should be more restrictive with specific allowed hosts
105+
var allowed = host == "localhost" || host == "127.0.0.1";
107106

108107
if (!allowed)
109108
{

tests/ModelContextProtocol.ConformanceServer/Tools/ConformanceTools.cs

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -350,7 +350,8 @@ public static async Task<string> ElicitationSep1330Enums(
350350
]
351351
},
352352
// 3. Legacy titled enum (deprecated - enum + enumNames)
353-
#pragma warning disable MCP9001 // Required for SEP-1330 conformance testing
353+
// Required for SEP-1330 conformance testing - tests backward compatibility with legacy enum format
354+
#pragma warning disable MCP9001
354355
["legacy_titled"] = new ElicitRequestParams.LegacyTitledEnumSchema()
355356
#pragma warning restore MCP9001
356357
{

0 commit comments

Comments
 (0)