Skip to main content
SecurityConfig locks down an MCP SSE server with localhost-only binding, bearer-token authentication, and Origin validation.

Quick Start

1

Bind to localhost only

SecurityConfig defaults to bind_localhost_only=True. Pass its recommended bind address to run_sse.
2

Require a bearer token

Set require_auth=True and provide the token via MCP_SSE_AUTH_TOKEN. Requests without a matching Authorization: Bearer … header get a 401.

How It Works

run_sse wraps the Starlette app with security middleware when a SecurityConfig requires auth or origin validation.

Configuration Options

Extracted from SecurityConfig in praisonaiagents/mcp/mcp_security.py. Token and origin overrides can also come from the environment:

Common Patterns

Choose a hardening level based on where the server runs. Localhost-only, no token — trusted single-machine use:
Token plus restricted origins — a shared or networked server:

Best Practices

Leave bind_localhost_only=True (the default) for any server that only serves the local machine — it keeps 127.0.0.1 off the network.
Set require_auth=True and provide MCP_SSE_AUTH_TOKEN whenever the server is reachable beyond localhost.
Narrow allowed_origins to the exact hosts that should call the server instead of leaving the defaults when exposing it more widely.
Read the token from MCP_SSE_AUTH_TOKEN rather than hard-coding it, so secrets stay out of source.

MCP

Connect agents to MCP tool servers

Permission Modes

Control how agents handle tool approval