fix: bind client to localhost to match server #529
Conversation
felixweinberger
force-pushed
the
fweinberger/client-localhost
branch
from
0345463 to
bdfc9e7
Compare
felixweinberger
requested review from
jenn-newton,
jerome3o-anthropic and
petery-ant
felixweinberger
force-pushed
the
fweinberger/client-localhost
branch
from
bdfc9e7 to
58661be
Compare
There was a problem hiding this comment.
Suggested a simple refactor of some duplicated lines.
Also... can we align the way we refer to the loopback, either make the link with the token be 127.0.0.1 instead of localhost (or make the host in the client and start script be localhost instead of 127.0.0.1).
Previously we were using 127.0.0.1 since it refers directly to the loopback and doesn't require DNS lookup, thus being slightly safer. However 127.0.0.1 is an IPv4 specific address and in IPv6 environments the loopback is ::1 and so could possibly lead to ECONNREFUSED. So localhost is arguably better for that purpose. An attacker would have to edit your hosts file to redirect 127.0.0.1 to an evil address, so you'd already have to have some compromise.
felixweinberger
force-pushed
the
fweinberger/client-localhost
branch
3 times, most recently
from
4a0225e to
f1525aa
Compare
There was a problem hiding this comment.
Added suggestions to fix a couple of PORT remnants from before we codified SERVER_PORT and CLIENT_PORT env vars. Below is how we want to control ports:
NOTE: Another (prior) issue exists where the client looks only for DEFAULT_MCP_PROXY_LISTEN_PORT unless MCP_PROXY_FULL_ADDRESS is set in config. A bit of a chicken/egg problem anyway since the config is fetched from the proxy's /config address. Thus if the proxy server is started on a port other than default, the client won't be able to find it.
Clearly that part needs to be revisited, since we now have a MCP_PROXY_TOKEN on the querystring, but that's for another PR, unless you feel like tackling it in this one. If SERVER_PORT was set in the environment (i.e., is not the default), we need to add it to the querystring and used in place of DEFAULT_MCP_PROXY_LISTEN_PORT in the client.
cliffhall
added
the
waiting on submitter
felixweinberger
force-pushed
the
fweinberger/client-localhost
branch
from
585978c to
af206ed
Compare
Amended in the latest commit, great catch!
I'll pick this up in a follow-up PR. |
felixweinberger
force-pushed
the
fweinberger/client-localhost
branch
from
af206ed to
ab5d053
Compare
felixweinberger
requested review from
cliffhall
and removed request for
jenn-newton,
jerome3o-anthropic and
petery-ant
…acks Complete the security hardening started in e8e9909 by also binding the client to localhost only. Previously only the server was protected while the client remained exposed to the network, allowing attackers to access the server through the client as a proxy. Changes: - Add HOST environment variable support to client (prod mode) - Configure Vite dev server to bind to localhost by default - Update browser auto-open URLs to use actual host instead of hardcoded 127.0.0.1 - Fix missing cancelled parameter in startProdClient function 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <[email protected]>
- Extract duplicated URL generation code into getClientUrl() helper function in start.js - Replace all 127.0.0.1 references with localhost for consistency across codebase - Update server to respect HOST environment variable for URL generation - Remove 127.0.0.1 from default allowed origins in CORS configuration - Update documentation to use localhost instead of 127.0.0.1 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <[email protected]>
Per PR feedback from cliffhall: - Changed PORT to SERVER_PORT in server/src/index.ts - Changed PORT to CLIENT_PORT in client/bin/client.js - Added parseInt() for CLIENT_PORT consistency - Updated start.js to pass correct env var names This improves clarity by using specific environment variables for server and client ports instead of the generic PORT variable.
felixweinberger
force-pushed
the
fweinberger/client-localhost
branch
from
ab5d053 to
d0673ba
Compare
🎭 Playwright E2E Test Results✅ 12 passed Details12 tests across 1 suite 📊 View Detailed HTML Report (download artifacts) |
Addressed in #555 (cc @cliffhall) |
cliffhall
removed
the
waiting on submitter
Bind client to localhost instead of all interfaces to match server
Motivation and Context
Complete the security hardening started in e8e9909 by also binding the client to localhost only.
Previously only the server was protected while the client remained exposed to the network,
allowing attackers to access the server through the client as a proxy.
Changes:
How Has This Been Tested?
prod:
npm run build && npm run start- worksdev:
npm run dev- workstest:
npm test- worksBreaking Changes
There may be instances where clients were inadvertently relying on clients binding to
*:6274in their setup - e.g. if accessing the inspector UI via a remotely hosted machine or similar.Types of changes
Checklist
Additional context