fix(security): replace permissive CORS wildcard with explicit allowlist#121
Merged
The HTTP CORS configuration used setAllowedOriginPatterns("*") with
allowCredentials=true, which is Spring's escape hatch around the
browser rule that wildcards can't be used with credentials (MDN CORS
spec). Replace with the strict setAllowedOrigins API and a configurable
allowlist that defaults to the MCP Inspector's local proxy port.
Methods and headers also tightened to the explicit set used by the
Streamable HTTP transport per the MCP specification, replacing
"*" wildcards.
Operators add additional origins via the MCP_CORS_ALLOWED_ORIGINS env
var or the mcp.cors.allowed-origins property.
Refs:
- MDN CORS — Credentialed requests and wildcards
- CWE-942: Permissive Cross-domain Policy with Untrusted Domains
- OWASP HTML5 Security Cheat Sheet (CORS)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: adityamparikh <aditya.m.parikh@gmail.com>
This was referenced May 2, 2026
Summary
The HTTP transport's CORS configuration used setAllowedOriginPatterns("*") together with allowCredentials=true. This is Spring's escape hatch around the MDN/W3C CORS rule that wildcard origins cannot be combined with credentials, and it triggers CWE-942 per the OWASP HTML5 Security Cheat Sheet.

This PR switches to the strict setAllowedOrigins(...) API backed by a configurable allowlist (mcp.cors.allowed-origins / MCP_CORS_ALLOWED_ORIGINS) that defaults to the MCP Inspector's local proxy ports (http://localhost:6274, http://127.0.0.1:6274).

Allowed methods are tightened to GET, POST, DELETE, OPTIONS and allowed headers to Authorization, Content-Type, Mcp-Session-Id, MCP-Protocol-Version, Last-Event-ID — the explicit set required by the MCP Streamable HTTP transport spec. Operators running the MCP server with browser-based clients or dashboards beyond the Inspector add origins via the env var. Bearer-token auth flows continue to work because allowCredentials is preserved.

Test plan
References
🤖 Generated with Claude Code
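The two configurations the PR contrasts, written out side by side as an added example (not the project's own code). It builds the permissive "before" and the allowlisted "after" with Spring's CorsConfiguration and shows what each answers for an origin that is not on the list. The property name, default origins, methods and headers are the ones the PR describes; the class name, the package, the bean name and the "/mcp/**" path pattern are assumptions.

```java
package example.cors; // assumed package name

import java.util.List;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

/**
 * Added example: the weak CORS configuration beside the allowlisted one.
 * Class, bean and path pattern are assumptions; the policy values follow the PR.
 */
@Configuration
public class McpCorsConfig {

    /** The "before": wildcard origin pattern combined with credentials. */
    static CorsConfiguration permissiveConfig() {
        CorsConfiguration cors = new CorsConfiguration();
        // setAllowedOriginPatterns("*") is not subject to the wildcard-with-credentials
        // check, so Spring will echo back any requesting origin with credentials allowed.
        cors.setAllowedOriginPatterns(List.of("*"));
        cors.setAllowedMethods(List.of("*"));
        cors.setAllowedHeaders(List.of("*"));
        cors.setAllowCredentials(true);
        return cors;
    }

    /** The "after": explicit origins, explicit methods, explicit headers. */
    static CorsConfiguration allowlistConfig(List<String> allowedOrigins) {
        CorsConfiguration cors = new CorsConfiguration();
        // setAllowedOrigins is the strict API: a literal "*" together with
        // allowCredentials=true is rejected by validateAllowCredentials().
        cors.setAllowedOrigins(allowedOrigins);
        cors.setAllowedMethods(List.of("GET", "POST", "DELETE", "OPTIONS"));
        cors.setAllowedHeaders(List.of(
                "Authorization", "Content-Type", "Mcp-Session-Id",
                "MCP-Protocol-Version", "Last-Event-ID"));
        cors.setAllowCredentials(true); // bearer-token flows keep working
        cors.validateAllowCredentials(); // fail fast at startup if "*" sneaks into the allowlist
        return cors;
    }

    /**
     * The allowlist comes from mcp.cors.allowed-origins (or the MCP_CORS_ALLOWED_ORIGINS
     * environment variable via Spring's relaxed binding) as a comma-separated list,
     * defaulting to the MCP Inspector's local proxy ports.
     */
    @Bean
    public CorsFilter mcpCorsFilter(
            @Value("${mcp.cors.allowed-origins:http://localhost:6274,http://127.0.0.1:6274}")
            List<String> allowedOrigins) {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/mcp/**", allowlistConfig(allowedOrigins)); // assumed path
        return new CorsFilter(source);
    }

    /** Stand-alone check of what each policy would put in Access-Control-Allow-Origin. */
    public static void main(String[] args) {
        String untrusted = "https://untrusted.example";   // constructed, not on the allowlist
        String inspector = "http://localhost:6274";        // the PR's default origin

        // Permissive policy: the untrusted origin is echoed back, credentials included.
        System.out.println("permissive -> " + permissiveConfig().checkOrigin(untrusted));

        // Allowlist policy: null means the request is refused; the listed origin is returned as-is.
        CorsConfiguration strict = allowlistConfig(List.of(inspector));
        System.out.println("allowlist (untrusted) -> " + strict.checkOrigin(untrusted));
        System.out.println("allowlist (inspector) -> " + strict.checkOrigin(inspector));
    }
}
```

Running main prints the untrusted origin for the permissive policy and null for the allowlist, which is the difference the PR closes; checkOrigin is the same method DefaultCorsProcessor consults before writing the response header, so the printed values are what a browser would see. Calling validateAllowCredentials() in the bean factory turns a misconfigured allowlist into a startup failure rather than a silently permissive server.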