Merge pull request #360 from presenton/fix/security

fix: changes host to localhost for everything except nginx
2025-11-27 23:38:15 +05:45 · 2025-11-27 23:38:15 +05:45 · aa864484df
commit aa864484df
parent 34a48e4450 dc17336508
3 changed files with 16 additions and 10 deletions
--- a/servers/fastapi/mcp_server.py
+++ b/servers/fastapi/mcp_server.py
@ -2,8 +2,6 @@ import sys
 import argparse
 import asyncio
 import traceback
-from urllib.parse import urljoin
-import time

 import httpx
 from fastmcp import FastMCP
@ -16,7 +14,9 @@ with open("openai_spec.json", "r") as f:
 async def main():
    try:
        print("DEBUG: MCP (OpenAPI) Server startup initiated")
-        parser = argparse.ArgumentParser(description="Run the MCP server (from OpenAPI)")
+        parser = argparse.ArgumentParser(
+            description="Run the MCP server (from OpenAPI)"
+        )
        parser.add_argument(
            "--port", type=int, default=8001, help="Port for the MCP HTTP server"
        )
@ -28,9 +28,7 @@ async def main():
            help="Display name for the generated MCP server",
        )
        args = parser.parse_args()
-        print(
-            f"DEBUG: Parsed args - port={args.port}"
-        )
+        print(f"DEBUG: Parsed args - port={args.port}")

        # Create an HTTP client that the MCP server will use to call the API
        api_client = httpx.AsyncClient(base_url="http://127.0.0.1:8000", timeout=60.0)
@ -46,10 +44,10 @@ async def main():

        # Start the MCP server
        uvicorn_config = {"reload": True}
-        print(f"DEBUG: Starting MCP server on host=0.0.0.0, port={args.port}")
+        print(f"DEBUG: Starting MCP server on host=127.0.0.1, port={args.port}")
        await mcp.run_async(
            transport="http",
-            host="0.0.0.0",
+            host="127.0.0.1",
            port=args.port,
            uvicorn_config=uvicorn_config,
        )
--- a/servers/fastapi/server.py
+++ b/servers/fastapi/server.py
@ -14,7 +14,7 @@ if __name__ == "__main__":
    
    uvicorn.run(
        "api.main:app",
-        host="0.0.0.0",
+        host="127.0.0.1",
        port=args.port,
        log_level="info",
        reload=reload,
--- a/start.js
+++ b/start.js
@ -138,7 +138,15 @@ const startServers = async () => {

  const nextjsProcess = spawn(
    "npm",
-    ["run", isDev ? "dev" : "start", "--", "-p", nextjsPort.toString()],
+    [
+      "run",
+      isDev ? "dev" : "start",
+      "--",
+      "-H",
+      "127.0.0.1",
+      "-p",
+      nextjsPort.toString(),
+    ],
    {
      cwd: nextjsDir,
      stdio: "inherit",