nextcloud-mcp-server/docs at ec70e70a5d5e806b3fd8ab751b4b1453616eeb2b - nextcloud-mcp-server - Gitea: Git with a cup of tea

brandon/nextcloud-mcp-server

Files

T

History

Chris Coutinho ec70e70a5d fix: Disable DNS rebinding protection for containerized deployments

MCP Python SDK 1.23.0 introduced automatic DNS rebinding protection that
auto-enables when host="127.0.0.1" (the default). This breaks containerized
deployments (Kubernetes, Docker) because the protection rejects requests
with Host headers like "nextcloud-mcp-server.default.svc.cluster.local:8000".

Root cause:
- FastMCP defaults to host="127.0.0.1"
- SDK auto-enables DNS rebinding protection with allowed_hosts=["127.0.0.1:*", "localhost:*", "[::1]:*"]
- K8s/Docker requests use service DNS names or proxied hostnames
- Protection middleware rejects these requests (421 Misdirected Request)

Solution:
- Explicitly pass transport_security=TransportSecuritySettings(enable_dns_rebinding_protection=False)
- Applied to all three FastMCP initializations (OAuth, Smithery, BasicAuth)
- DNS rebinding attacks mitigated by OAuth authentication and network isolation

This fixes issue #373 and enables MCP 1.23.x upgrade in PR #382.

For detailed analysis, see docs/MCP-1.23-DNS-REBINDING-FIX.md

2025-12-12 17:30:22 +01:00

..

fix: Preserve 3D plot camera and improve documentation

2025-11-19 14:10:53 +01:00

fix: Preserve 3D plot camera and improve documentation

2025-11-19 14:10:53 +01:00

ADR-001-enhanced-note-search.md

ADR search and handling categories in notes

2025-05-07 23:06:22 +02:00

ADR-002-vector-sync-authentication.md

docs: Add ADR-004 - MCP Server as OAuth Client for Offline Access

2025-11-02 23:31:39 +01:00

ADR-003-vector-database-semantic-search.md

docs: add ADR-007 for background vector database synchronization

2025-11-08 20:32:49 +01:00

ADR-004-Code-Review.md

feat: Add userinfo route/page

2025-11-04 00:03:24 +01:00

ADR-004-mcp-application-oauth.md

refactor: integrate token exchange into unified get_client() pattern

2025-11-03 20:33:56 +01:00

ADR-005-token-audience-validation.md

fix: Implement proper OAuth resource parameters and PRM-based discovery

2025-11-05 23:19:03 +01:00

ADR-006-progressive-consent-elicitation.md

fix: Consolidate OAuth callbacks and implement PKCE for all flows

2025-11-07 21:08:55 +01:00

ADR-007-background-vector-sync-job-management.md

refactor: move webapp from /user/page to /app

2025-11-11 20:53:43 +01:00

ADR-008-mcp-sampling-for-semantic-search.md

docs: refactor semantic search from notes-specific to multi-app architecture

2025-11-09 04:47:20 +01:00

ADR-009-semantic-search-oauth-scope.md

docs: refactor semantic search from notes-specific to multi-app architecture

2025-11-09 04:47:20 +01:00

ADR-010-webhook-based-vector-sync.md

feat: add webhook management UI and BeforeNodeDeletedEvent support

2025-11-11 20:35:08 +01:00

ADR-011-hybrid-oauth-appapi-deployment.md

docs: Update ADR-011 to rejected status with Context Agent validation

2025-11-13 23:30:14 +01:00

ADR-011-improving-semantic-search-quality.md

feat: Replace custom document chunker with LangChain MarkdownTextSplitter

2025-11-18 12:17:23 +01:00

ADR-012-unified-multi-algorithm-search.md

docs: Emphasize server-side processing in ADR-012 viz pane

2025-11-15 00:02:54 +01:00

ADR-013-rag-evaluation.md

feat: implement RAG evaluation framework with CLI tooling

2025-11-15 23:11:21 +01:00

ADR-014-bm25-search.md

feat: add configurable fusion algorithms for BM25 hybrid search

2025-11-17 06:48:43 +01:00

ADR-015-unified-provider-architecture.md

feat: add unified provider architecture with Amazon Bedrock support

2025-11-16 11:36:58 +01:00

ADR-016-smithery-stateless-deployment.md

docs: Add ADR-016 for Smithery stateless deployment

2025-11-22 17:13:18 +01:00

audience-validation-setup.md

docs: Reject service account tokens as OAuth authentication pattern

2025-11-02 22:03:22 +01:00

authentication.md

docs: restructure documentation

2025-10-14 01:23:49 +02:00

bedrock-setup.md

feat: add unified provider architecture with Amazon Bedrock support

2025-11-16 11:36:58 +01:00

calendar.md

docs: fix duplicate

2025-09-11 17:31:00 +02:00

comparison-context-agent.md

docs: Update README

2025-10-15 14:47:43 +02:00

configuration.md

feat(vector): Add configurable chunk size and overlap for document embedding

2025-11-10 02:47:57 +01:00

contacts.md

chore: Update README.md, move docs to directory

2025-09-11 17:28:13 +02:00

cookbook.md

feat(cookbook): Add full Cookbook app support with 13 tools and 2 resources

2025-10-17 03:08:16 +02:00

CRITICAL-TOKEN-EXCHANGE-PATTERN.md

refactor: integrate token exchange into unified get_client() pattern

2025-11-03 20:33:56 +01:00

deck.md

chore: Update README.md, move docs to directory

2025-09-11 17:28:13 +02:00

installation.md

docs: Remove pip

2025-10-14 01:23:38 +02:00

jwt-oauth-reference.md

docs: Replace .nextcloud_oauth_client.json references with SQLite storage

2025-11-02 22:03:21 +01:00

keycloak-multi-client-validation.md

feat: Add Keycloak OAuth provider support with refresh token storage

2025-11-02 22:03:19 +01:00

MCP-1.23-DNS-REBINDING-FIX.md

fix: Disable DNS rebinding protection for containerized deployments

2025-12-12 17:30:22 +01:00

nextcloud_notes_image_embedding.md

Add support for attachments in notes

2025-05-06 02:52:51 +02:00

notes.md

feat: implement MCP sampling for semantic search RAG (ADR-008)

2025-11-09 01:00:18 +01:00

oauth-architecture-comparison.md

docs: Rewrite ADR-004 for Federated Authentication Architecture

2025-11-02 23:58:15 +01:00

oauth-architecture.md

docs: refactor semantic search from notes-specific to multi-app architecture

2025-11-09 04:47:20 +01:00

oauth-impersonation-findings.md

docs: Reject service account tokens as OAuth authentication pattern

2025-11-02 22:03:22 +01:00

oauth-setup.md

docs: Replace .nextcloud_oauth_client.json references with SQLite storage

2025-11-02 22:03:21 +01:00

oauth-troubleshooting.md

docs: Replace .nextcloud_oauth_client.json references with SQLite storage

2025-11-02 22:03:21 +01:00

oauth-upstream-status.md

docs: Update upstream OAuth status with completed oidc app PRs [skip ci]

2025-11-02 22:03:21 +01:00

observability.md

feat: Add OpenTelemetry tracing to @instrument_tool decorator

2025-11-16 11:16:05 +01:00

quickstart-oauth.md

fix(oauth): Remove the option to force_register new clients

2025-10-15 16:27:22 +02:00

running.md

docs: Update Docs

2025-10-14 01:23:38 +02:00

semantic-search-architecture.md

feat(vector): Add configurable chunk size and overlap for document embedding

2025-11-10 02:47:57 +01:00

table.md

chore: Update README.md, move docs to directory

2025-09-11 17:28:13 +02:00

testing-client-sessions-architecture.md

docs: Update jwt docs

2025-10-23 11:20:49 +02:00

testing-oidc-consent.md

feat: Split read/write scopes into app:read/write scopes

2025-10-24 04:38:49 +02:00

troubleshooting.md

docs: Replace .nextcloud_oauth_client.json references with SQLite storage

2025-11-02 22:03:21 +01:00

webdav.md

chore: Update README.md, move docs to directory

2025-09-11 17:28:13 +02:00