From 74c0768d5d5420fa01c6d1342923f6b3ecb54b25 Mon Sep 17 00:00:00 2001
From: ciccolo-anthropic <ciccolo@anthropic.com>
Date: Fri, 16 May 2025 09:56:20 -0700
Subject: [PATCH 1/7] Update sse.py

> When running locally, servers SHOULD bind only to localhost (127.0.0.1) rather than all network interfaces (0.0.0.0)
---
 src/mcp/server/sse.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/mcp/server/sse.py b/src/mcp/server/sse.py
index a6350a39b..bae2bbf52 100644
--- a/src/mcp/server/sse.py
+++ b/src/mcp/server/sse.py
@@ -27,7 +27,7 @@ async def handle_sse(request):
 
     # Create and run Starlette app
     starlette_app = Starlette(routes=routes)
-    uvicorn.run(starlette_app, host="0.0.0.0", port=port)
+    uvicorn.run(starlette_app, host="127.0.0.1", port=port)
 ```
 
 Note: The handle_sse function must return a Response to avoid a "TypeError: 'NoneType'

From 58c0c54e10877ab5f2b415b71748842200101428 Mon Sep 17 00:00:00 2001
From: ciccolo-anthropic <ciccolo@anthropic.com>
Date: Fri, 16 May 2025 09:57:17 -0700
Subject: [PATCH 2/7] Update server.py

> When running locally, servers SHOULD bind only to localhost (127.0.0.1) rather than all network interfaces (0.0.0.0)
---
 examples/servers/simple-tool/mcp_simple_tool/server.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/servers/simple-tool/mcp_simple_tool/server.py b/examples/servers/simple-tool/mcp_simple_tool/server.py
index 5f4e28bb7..cd574ad5e 100644
--- a/examples/servers/simple-tool/mcp_simple_tool/server.py
+++ b/examples/servers/simple-tool/mcp_simple_tool/server.py
@@ -84,7 +84,7 @@ async def handle_sse(request):
 
         import uvicorn
 
-        uvicorn.run(starlette_app, host="0.0.0.0", port=port)
+        uvicorn.run(starlette_app, host="127.0.0.1", port=port)
     else:
         from mcp.server.stdio import stdio_server
 

From fceea6fee6e764f0739cab1d9b6e8326add54549 Mon Sep 17 00:00:00 2001
From: ciccolo-anthropic <ciccolo@anthropic.com>
Date: Fri, 16 May 2025 09:58:04 -0700
Subject: [PATCH 3/7] Update server.py

> When running locally, servers SHOULD bind only to localhost (127.0.0.1) rather than all network interfaces (0.0.0.0)
---
 .../simple-streamablehttp/mcp_simple_streamablehttp/server.py   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/servers/simple-streamablehttp/mcp_simple_streamablehttp/server.py b/examples/servers/simple-streamablehttp/mcp_simple_streamablehttp/server.py
index 1a76097b5..bf6f51e5c 100644
--- a/examples/servers/simple-streamablehttp/mcp_simple_streamablehttp/server.py
+++ b/examples/servers/simple-streamablehttp/mcp_simple_streamablehttp/server.py
@@ -164,6 +164,6 @@ async def lifespan(app: Starlette) -> AsyncIterator[None]:
 
     import uvicorn
 
-    uvicorn.run(starlette_app, host="0.0.0.0", port=port)
+    uvicorn.run(starlette_app, host="127.0.0.1", port=port)
 
     return 0

From 01c126d92c917c98d9a253994473f5c0f6c29314 Mon Sep 17 00:00:00 2001
From: ciccolo-anthropic <ciccolo@anthropic.com>
Date: Fri, 16 May 2025 09:58:33 -0700
Subject: [PATCH 4/7] Update server.py

> When running locally, servers SHOULD bind only to localhost (127.0.0.1) rather than all network interfaces (0.0.0.0)
---
 examples/servers/simple-resource/mcp_simple_resource/server.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/servers/simple-resource/mcp_simple_resource/server.py b/examples/servers/simple-resource/mcp_simple_resource/server.py
index 3e3adf108..85c29cb7d 100644
--- a/examples/servers/simple-resource/mcp_simple_resource/server.py
+++ b/examples/servers/simple-resource/mcp_simple_resource/server.py
@@ -72,7 +72,7 @@ async def handle_sse(request):
 
         import uvicorn
 
-        uvicorn.run(starlette_app, host="0.0.0.0", port=port)
+        uvicorn.run(starlette_app, host="127.0.0.1", port=port)
     else:
         from mcp.server.stdio import stdio_server
 

From 9970be99f1fd06659ddf5196288ec84cbccab0f7 Mon Sep 17 00:00:00 2001
From: ciccolo-anthropic <ciccolo@anthropic.com>
Date: Fri, 16 May 2025 09:58:56 -0700
Subject: [PATCH 5/7] Update server.py

> When running locally, servers SHOULD bind only to localhost (127.0.0.1) rather than all network interfaces (0.0.0.0)
---
 examples/servers/simple-prompt/mcp_simple_prompt/server.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/servers/simple-prompt/mcp_simple_prompt/server.py b/examples/servers/simple-prompt/mcp_simple_prompt/server.py
index bc14b7cd0..eca0bbcf3 100644
--- a/examples/servers/simple-prompt/mcp_simple_prompt/server.py
+++ b/examples/servers/simple-prompt/mcp_simple_prompt/server.py
@@ -114,7 +114,7 @@ async def handle_sse(request):
 
         import uvicorn
 
-        uvicorn.run(starlette_app, host="0.0.0.0", port=port)
+        uvicorn.run(starlette_app, host="127.0.0.1", port=port)
     else:
         from mcp.server.stdio import stdio_server
 

From be52a506ed3060e32e44a615943a457aa7220524 Mon Sep 17 00:00:00 2001
From: ciccolo-anthropic <ciccolo@anthropic.com>
Date: Fri, 16 May 2025 09:59:29 -0700
Subject: [PATCH 6/7] Update server.py

---
 .../mcp_simple_streamablehttp_stateless/server.py               | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/servers/simple-streamablehttp-stateless/mcp_simple_streamablehttp_stateless/server.py b/examples/servers/simple-streamablehttp-stateless/mcp_simple_streamablehttp_stateless/server.py
index f718df801..bbf3dc64c 100644
--- a/examples/servers/simple-streamablehttp-stateless/mcp_simple_streamablehttp_stateless/server.py
+++ b/examples/servers/simple-streamablehttp-stateless/mcp_simple_streamablehttp_stateless/server.py
@@ -136,6 +136,6 @@ async def lifespan(app: Starlette) -> AsyncIterator[None]:
 
     import uvicorn
 
-    uvicorn.run(starlette_app, host="0.0.0.0", port=port)
+    uvicorn.run(starlette_app, host="127.0.0.1", port=port)
 
     return 0

From bee3a74b8b05bc20a287e8c9d3e66313ab13f0bf Mon Sep 17 00:00:00 2001
From: ciccolo-anthropic <ciccolo@anthropic.com>
Date: Fri, 16 May 2025 10:07:23 -0700
Subject: [PATCH 7/7] Update server.py

> When running locally, servers SHOULD bind only to localhost (127.0.0.1) rather than all network interfaces (0.0.0.0)
---
 src/mcp/server/fastmcp/server.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/mcp/server/fastmcp/server.py b/src/mcp/server/fastmcp/server.py
index 21c31b0b3..b0aedb38c 100644
--- a/src/mcp/server/fastmcp/server.py
+++ b/src/mcp/server/fastmcp/server.py
@@ -87,7 +87,7 @@ class Settings(BaseSettings, Generic[LifespanResultT]):
     log_level: Literal["DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"] = "INFO"
 
     # HTTP settings
-    host: str = "0.0.0.0"
+    host: str = "127.0.0.1"
     port: int = 8000
     mount_path: str = "/"  # Mount path (e.g. "/github", defaults to root path)
     sse_path: str = "/sse"