SecurityConfig locks down an MCP SSE server with localhost-only binding, bearer-token authentication, and Origin validation.
Quick Start
1
Bind to localhost only
SecurityConfig defaults to bind_localhost_only=True. Pass its recommended bind address to run_sse.2
Require a bearer token
Set
require_auth=True and provide the token via MCP_SSE_AUTH_TOKEN. Requests without a matching Authorization: Bearer … header get a 401.How It Works
run_sse wraps the Starlette app with security middleware when a SecurityConfig requires auth or origin validation.
Configuration Options
Extracted fromSecurityConfig in praisonaiagents/mcp/mcp_security.py.
Token and origin overrides can also come from the environment:
Common Patterns
Choose a hardening level based on where the server runs. Localhost-only, no token — trusted single-machine use:Best Practices
Keep localhost binding on for local tools
Keep localhost binding on for local tools
Leave
bind_localhost_only=True (the default) for any server that only serves the local machine — it keeps 127.0.0.1 off the network.Require a token before exposing on a network
Require a token before exposing on a network
Set
require_auth=True and provide MCP_SSE_AUTH_TOKEN whenever the server is reachable beyond localhost.Restrict allowed origins
Restrict allowed origins
Narrow
allowed_origins to the exact hosts that should call the server instead of leaving the defaults when exposing it more widely.Store tokens in the environment
Store tokens in the environment
Read the token from
MCP_SSE_AUTH_TOKEN rather than hard-coding it, so secrets stay out of source.Related
MCP
Connect agents to MCP tool servers
Permission Modes
Control how agents handle tool approval

