Harden docs MCP local exposure defaults

2026-06-08 15:52:02 -07:00
parent 6a4d8673d1
commit 8fcd94d2c5
7 changed files with 43 additions and 6 deletions

@@ -33,3 +33,12 @@ their mount paths and permissions separately.
Do not expose SearXNG or MCP servers to the public internet without a separate
review. The default setup is for localhost development.
The containers may bind to `0.0.0.0` internally, but the Compose file publishes
SearXNG and docs-mcp only on `127.0.0.1`. If you run the images outside the
provided Compose file, review port publishing, SearXNG's limiter/secret, and MCP
authentication separately.
Browser CORS for `context-docs` is disabled by default. Only set
`CONTEXT_KIT_DOCS_ALLOW_ORIGIN` for exact local origins that need direct browser
access; avoid wildcard origins for unauthenticated local MCP endpoints.
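
Review bot: The CORS paragraph (the last three lines of this hunk) tells readers to set `CONTEXT_KIT_DOCS_ALLOW_ORIGIN` only for "exact local origins" but never shows what a valid value looks like or whether more than one origin is accepted. Suggest adding one sample value with scheme, host and port, and noting that `http://localhost:<port>` and `http://127.0.0.1:<port>` are different origins to a browser, so the value has to match the origin the page is actually served from. The text also only advises against wildcard origins; it would help to state whether the server refuses `*` or passes it through, so readers know if this is enforced or just guidance. Minor: "review port publishing, SearXNG's limiter/secret, and MCP authentication separately" in the paragraph above gives no pointer to where those are configured; a link or section reference would make it actionable.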