From 3a1852d7062aa4551edeaf3b93488a0375bb298e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Theodor=20N=2E=20Eng=C3=B8y?= Date: Sun, 8 Feb 2026 12:14:37 +0100 Subject: [PATCH 1/2] examples: bind auth-middleware server to localhost by default --- examples/server/auth-middleware/main.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/examples/server/auth-middleware/main.go b/examples/server/auth-middleware/main.go index ca339dfb..f9ac34f7 100644 --- a/examples/server/auth-middleware/main.go +++ b/examples/server/auth-middleware/main.go @@ -26,7 +26,9 @@ import ( // This example demonstrates how to integrate auth.RequireBearerToken middleware // with an MCP server to provide authenticated access to MCP tools and resources. -var httpAddr = flag.String("http", ":8080", "HTTP address to listen on") +// Default to loopback to avoid exposing powerful demo endpoints to the local network. +// Set -http 0.0.0.0:8080 to intentionally expose it. +var httpAddr = flag.String("http", "localhost:8080", "HTTP address to listen on") // JWTClaims represents the claims in our JWT tokens. // In a real application, you would include additional claims like issuer, audience, etc. From c70addf0260a0b8afdb9396e63e52241ed666c8a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Theodor=20N=2E=20Eng=C3=B8y?= Date: Tue, 10 Feb 2026 12:21:09 +0100 Subject: [PATCH 2/2] scripts: bind conformance server to localhost by default --- scripts/server-conformance.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/server-conformance.sh b/scripts/server-conformance.sh index 0826086a..f31d8df2 100755 --- a/scripts/server-conformance.sh +++ b/scripts/server-conformance.sh @@ -70,8 +70,8 @@ fi go build -o "$WORKDIR/conformance-server" ./conformance/everything-server # Start the server in the background -echo "Starting conformance server on port $PORT..." -"$WORKDIR/conformance-server" -http=":$PORT" & +echo "Starting conformance server on localhost:$PORT..." +"$WORKDIR/conformance-server" -http="localhost:$PORT" & SERVER_PID=$! echo "Server pid is $SERVER_PID"