Add support for DNS rebinding protections

[ddworken]

Motivation and Context

This implements the mitigations described here. To avoid breaking existing applications this doesn't enable any changes by-default, but enabling this feature is heavily encouraged for any local MCP servers using the SSE transport.

How Has This Been Tested?

Tested via unit tests.

Breaking Changes

To avoid introducing any breaking changes, the DNS rebinding protections are disabled by default. Ideally we should find a way to enable them by default. But for now, adding them as disabled is a good first step.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation update

Checklist

• I have read the MCP Documentation
• My code follows the repository's style guidelines
• New and existing tests pass locally
• I have added appropriate error handling
• I have added or updated documentation as needed

Additional context

[chemicL]

Thank you for the PR. I did the first round by going through the code in the mcp module. I believe the comments would apply also to the mcp-spring modules. Some questions, some suggestions here and there, but the most important themes are:

1. HTTP(2) protocol compliance - will how to make it work when there is :authority pseudo-header instead of Host?
2. MCP Spec compliance - does Host require checking? The spec only mentions Origin.
3. Since validation is enforced by the spec as a MUST i do feel we should enable validation with a breaking change. @tzolov looking forward to your input here as well.
4. Builder pattern consistency.
5. Javadocs improvements and filling the gaps.
6. Removing code duplication.

Thanks in advance for a follow-up and the work so far!

[chemicL]

Suggested change

	private final boolean enableDnsRebindingProtection;
	private final boolean enabled;

[chemicL]

Consider passing explicit arguments instead of the builder. Should the builder change, and it is mutable, this constructor could create instances that are in inconsistent state. The pattern present throughout the codebase is rather to pass explicit parameters instead of this cyclic dependency.

[chemicL]

In order to avoid having two means to instantiate the Builder, the constructor should be private. A static factory exists and it is the pattern that's used by this project.

[chemicL]

Missing javadoc

[chemicL]

Please add javadocs to the public class and its methods.

[chemicL]

Shouldn't the default behaviour be injected always unless the user specifically overrides it?

[chemicL]

To make it work with HTTP2, shouldn't https://jakarta.ee/specifications/servlet/6.0/apidocs/jakarta.servlet/jakarta/servlet/servletrequest#getServerName() be used instead?

[chemicL]

Please check AbstractMcpAsyncServerTests and the implementations. Do you think we could be able to have a generic test suite with just the transport-specific settings in the inheriting classes in the same fashion?

[chemicL]

DnsRebindingProtectionConfig -> DnsRebindingProtection.
I view this more as an entity that has behaviour via the validate() method, not just a set of configurations, so I'd skip the "Config" part.

[chemicL]

Suggested change

	public boolean validate(String hostHeader, String originHeader) {
	public boolean isValid(String hostHeader, String originHeader) {

[chemicL]

I would expect a validate method to throw an exception or have some effect instead. Since the return is a boolean, I think it's more reasonable to call the method isValid.

[chemicL]

Ah, please also remember to run spring-javaformat:apply before commiting to ensure the formatting checks pass.