Skip to content

docs: add DNS rebinding protection guide#2247

Open
goingforstudying-ctrl wants to merge 2 commits intomodelcontextprotocol:mainfrom
goingforstudying-ctrl:docs/dns-rebinding-guide
Open

docs: add DNS rebinding protection guide#2247
goingforstudying-ctrl wants to merge 2 commits intomodelcontextprotocol:mainfrom
goingforstudying-ctrl:docs/dns-rebinding-guide

Conversation

@goingforstudying-ctrl
Copy link

@goingforstudying-ctrl goingforstudying-ctrl commented Mar 8, 2026

Fixes #1798

Adds comprehensive documentation for resolving "421 Invalid Host Header" errors when using MCP behind proxies or gateways.

The guide includes two resolution options, common scenarios (Nginx, Docker), and security considerations.

/attempt #1798

@goingforstudying-ctrl
fix: validate_scope should allow all scopes when no restriction
e65bd53 
When client registration has scope=None (no restriction),
validate_scope was incorrectly rejecting all requested scopes
by treating None as an empty allowed list.

Now when scope is None, all requested scopes are allowed,
which matches the expected behavior described in the auth flow.

Fixes modelcontextprotocol#2216
@goingforstudying-ctrl
docs: add DNS rebinding protection guide
9efde4a 
Adds comprehensive documentation for resolving "421 Invalid Host Header"
errors when using MCP behind proxies or gateways.

Includes:
- Two resolution options (allowlist vs disable)
- Common scenarios (Nginx, Docker)
- Security considerations

Fixes modelcontextprotocol#1798
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Guide: Resolving "421 Invalid Host Header" (DNS Rebinding Protection)

1 participant

@goingforstudying-ctrl