SsrfPolicy

How a fetch treats internal targets.

Values

Value                Meaning

blockInternal        Reject loopback, private and link-local targets. The only internal targets permitted are explicit loopback hosts (the URL itself names loopback) reached over plaintext http, the local-development allowance. Used for every attacker-influenceable fetch: OAuth/discovery, JWKS, introspection and the proxy upstream.

allowUserConfigured  Resolve the hostname once and pin the connection to the resolved address (TOCTOU-stable, so a DNS rebinding between check and connect cannot redirect the fetch), but do NOT reject internal or loopback targets. Used for the user-chosen MCP client transport endpoint.
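The following is an added example of how the two policies can be enforced by a resolve-once, check, then pin guard; it is not the project's own code. Assumptions not stated on the page: both policies pin the resolved address (the page only states this for allowUserConfigured), an "explicit loopback host" means the URL names loopback itself (localhost or a loopback IP literal, not a DNS name that resolves there), and the names SsrfPolicy values aside (pinTarget, applyPolicy, isInternalAddress, PinnedTarget, fakeDns) are invented here. The resolver is injected so the block runs offline against a constructed DNS table.

```typescript
// Added example (not the project's code): resolve-once, check, pin SSRF guard.
import { isIP } from "node:net";
import { lookup } from "node:dns/promises";

export type SsrfPolicy = "blockInternal" | "allowUserConfigured";
export type Resolver = (hostname: string) => Promise<string>;

/** What the socket must connect to (ip) versus what goes in Host/SNI (hostname).
 *  Connecting to the pinned ip instead of re-resolving hostname is what makes the
 *  check TOCTOU-stable against DNS rebinding. */
export interface PinnedTarget { hostname: string; ip: string; port: number; protocol: string }

function parseIPv4(ip: string): number[] | null {
  const parts = ip.split(".");
  if (parts.length !== 4 || !parts.every((p) => /^\d{1,3}$/.test(p))) return null;
  const octets = parts.map(Number);
  return octets.every((o) => o <= 255) ? octets : null;
}

function stripBrackets(host: string): string {
  return host.startsWith("[") && host.endsWith("]") ? host.slice(1, -1) : host;
}

/** True for loopback, RFC 1918, link-local (incl. 169.254.169.254 metadata), CGNAT,
 *  unspecified, and the IPv6 equivalents. Expects a resolved IP; anything else is unsafe. */
export function isInternalAddress(ip: string): boolean {
  const v4 = parseIPv4(ip);
  if (v4) {
    const [a, b] = v4;
    return a === 0 || a === 10 || a === 127 ||
      (a === 100 && b >= 64 && b <= 127) ||   // 100.64.0.0/10
      (a === 169 && b === 254) ||             // 169.254.0.0/16
      (a === 172 && b >= 16 && b <= 31) ||    // 172.16.0.0/12
      (a === 192 && b === 168);               // 192.168.0.0/16
  }
  if (isIP(ip) === 6) {
    const lower = ip.toLowerCase();
    if (lower === "::" || lower === "::1") return true;
    if (lower.startsWith("::ffff:")) {        // IPv4-mapped: judge the embedded IPv4
      const mapped = lower.slice(7);
      return parseIPv4(mapped) ? isInternalAddress(mapped) : true; // hex form: be conservative
    }
    const first = parseInt(lower.split(":")[0] || "0", 16);
    return (first & 0xffc0) === 0xfe80 || (first & 0xfe00) === 0xfc00; // fe80::/10, fc00::/7
  }
  return true; // not an IP literal: never connect on the strength of an unchecked name
}

export function isLoopbackAddress(ip: string): boolean {
  const v4 = parseIPv4(ip);
  return v4 ? v4[0] === 127 : ip.toLowerCase() === "::1";
}

/** Assumption: "explicit loopback host" = the URL names loopback itself. */
export function isExplicitLoopbackHost(hostname: string): boolean {
  return hostname === "localhost" || isLoopbackAddress(stripBrackets(hostname));
}

/** Synchronous policy decision once the address is known; throws on rejection. */
export function applyPolicy(url: URL, resolvedIp: string, policy: SsrfPolicy): PinnedTarget {
  const port = url.port ? Number(url.port) : url.protocol === "https:" ? 443 : 80;
  const target: PinnedTarget = { hostname: url.hostname, ip: resolvedIp, port, protocol: url.protocol };
  if (policy === "allowUserConfigured") return target;   // pinned, internal targets allowed
  if (!isInternalAddress(resolvedIp)) return target;
  // Local-development allowance: explicit loopback host, plaintext http, and the
  // resolved address really is loopback (guards a poisoned "localhost" mapping).
  const devAllowance = url.protocol === "http:" &&
    isExplicitLoopbackHost(url.hostname) && isLoopbackAddress(resolvedIp);
  if (devAllowance) return target;
  throw new Error(`blockInternal: ${url.hostname} resolves to internal address ${resolvedIp}`);
}

/** Resolve exactly once, decide, and return the address the socket must use.
 *  The WHATWG URL parser already normalises IPv4 forms like 127.1 or 0x7f.0.0.1. */
export async function pinTarget(rawUrl: string, policy: SsrfPolicy,
                                resolve: Resolver = defaultResolver): Promise<PinnedTarget> {
  const url = new URL(rawUrl);
  const literal = stripBrackets(url.hostname);
  const ip = isIP(literal) ? literal : await resolve(literal);
  return applyPolicy(url, ip, policy);
}

async function defaultResolver(hostname: string): Promise<string> {
  return (await lookup(hostname)).address;
}

// Constructed offline DNS table standing in for real resolution (example data only).
export const fakeDns: Record<string, string> = {
  "issuer.example": "203.0.113.10",
  "rebind.example": "169.254.169.254",   // public-looking name aimed at cloud metadata
  "internal-mcp.example": "10.0.0.5",
  "localhost": "127.0.0.1",
};
export const offlineResolver: Resolver = async (h) => {
  if (!(h in fakeDns)) throw new Error(`NXDOMAIN ${h}`);
  return fakeDns[h];
};
```

Usage: `await pinTarget("https://rebind.example/jwks", "blockInternal", offlineResolver)` rejects because the name resolves to 169.254.169.254, while the same URL with `allowUserConfigured` returns a pinned target with `ip: "169.254.169.254"`. The caller then opens the socket to `ip` and sends `hostname` as Host/SNI; re-resolving at connect time would throw the pin away and reopen the rebinding window.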