fix: bind client to localhost to match server #529
Conversation
felixweinberger
force-pushed
the
fweinberger/client-localhost
branch
from
0345463 to
bdfc9e7
Compare
felixweinberger
requested review from
jenn-newton,
jerome3o-anthropic and
petery-ant
felixweinberger
force-pushed
the
fweinberger/client-localhost
branch
from
bdfc9e7 to
58661be
Compare
There was a problem hiding this comment.
Suggested a simple refactor of some duplicated lines.
Also... can we align the way we refer to the loopback, either make the link with the token be 127.0.0.1 instead of localhost (or make the host in the client and start script be localhost instead of 127.0.0.1).
Previously we were using 127.0.0.1 since it refers directly to the loopback and doesn't require DNS lookup, thus being slightly safer. However 127.0.0.1 is an IPv4 specific address and in IPv6 environments the loopback is ::1 and so could possibly lead to ECONNREFUSED. So localhost is arguably better for that purpose. An attacker would have to edit your hosts file to redirect 127.0.0.1 to an evil address, so you'd already have to have some compromise.
client/bin/start.js
Outdated
| const clientHost = process.env.HOST || "127.0.0.1"; | ||
| const url = authDisabled | ||
| ? `http://127.0.0.1:${CLIENT_PORT}` | ||
| : `http://127.0.0.1:${CLIENT_PORT}/?MCP_PROXY_AUTH_TOKEN=${sessionToken}`; | ||
| ? `http://${clientHost}:${CLIENT_PORT}` | ||
| : `http://${clientHost}:${CLIENT_PORT}/?MCP_PROXY_AUTH_TOKEN=${sessionToken}`; |
There was a problem hiding this comment.
These lines could be extract/refactored into a function and called from line 117 and line 156.
felixweinberger
force-pushed
the
fweinberger/client-localhost
branch
2 times, most recently
from
8b66a9e to
4a0225e
Compare
…acks Complete the security hardening started in e8e9909 by also binding the client to localhost only. Previously only the server was protected while the client remained exposed to the network, allowing attackers to access the server through the client as a proxy. Changes: - Add HOST environment variable support to client (prod mode) - Configure Vite dev server to bind to localhost by default - Update browser auto-open URLs to use actual host instead of hardcoded 127.0.0.1 - Fix missing cancelled parameter in startProdClient function 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <[email protected]>
- Extract duplicated URL generation code into getClientUrl() helper function in start.js - Replace all 127.0.0.1 references with localhost for consistency across codebase - Update server to respect HOST environment variable for URL generation - Remove 127.0.0.1 from default allowed origins in CORS configuration - Update documentation to use localhost instead of 127.0.0.1 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <[email protected]>
felixweinberger
force-pushed
the
fweinberger/client-localhost
branch
from
4a0225e to
f1525aa
Compare
There was a problem hiding this comment.
Added suggestions to fix a couple of PORT remnants from before we codified SERVER_PORT and CLIENT_PORT env vars. Below is how we want to control ports:
NOTE: Another (prior) issue exists where the client looks only for DEFAULT_MCP_PROXY_LISTEN_PORT unless MCP_PROXY_FULL_ADDRESS is set in config. A bit of a chicken/egg problem anyway since the config is fetched from the proxy's /config address. Thus if the proxy server is started on a port other than default, the client won't be able to find it.
Clearly that part needs to be revisited, since we now have a MCP_PROXY_TOKEN on the querystring, but that's for another PR, unless you feel like tackling it in this one. If SERVER_PORT was set in the environment (i.e., is not the default), we need to add it to the querystring and used in place of DEFAULT_MCP_PROXY_LISTEN_PORT in the client.
| @@ -531,7 +529,7 @@ app.get("/config", originValidationMiddleware, authMiddleware, (req, res) => { | |||
| }); | |||
|
|
|||
| const PORT = parseInt(process.env.PORT || "6277", 10); | |||
There was a problem hiding this comment.
| const PORT = parseInt(process.env.PORT || "6277", 10); | |
| const PORT = parseInt(process.env.SERVER_PORT || "6277", 10); |
We're using CLIENT_PORT and SERVER_PORT everywhere except here and . Thus you get a mismatch of the actual port the server is started on and what is reported on the terminal console if you just set PORT.
| @@ -40,18 +40,19 @@ const server = http.createServer((request, response) => { | |||
| }); | |||
|
|
|||
| const port = process.env.PORT || 6274; | |||
There was a problem hiding this comment.
| const port = process.env.PORT || 6274; | |
| const port = parseInt(process.env.CLIENT_PORT || "6274", 10); |
We're using CLIENT_PORT and SERVER_PORT everywhere except here and server/src/index.ts. Thus you get a mismatch of what's reported on the command line if you just set PORT
Bind client to localhost instead of all interfaces to match server
Motivation and Context
Complete the security hardening started in e8e9909 by also binding the client to localhost only.
Previously only the server was protected while the client remained exposed to the network,
allowing attackers to access the server through the client as a proxy.
Changes:
How Has This Been Tested?
prod:
npm run build && npm run start- worksdev:
npm run dev- workstest:
npm test- worksBreaking Changes
There may be instances where clients were inadvertently relying on clients binding to
*:6274in their setup - e.g. if accessing the inspector UI via a remotely hosted machine or similar.Types of changes
Checklist
Additional context