Skip to content

chore: add streamable http disclaimer #390

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Jul 23, 2025
Merged

chore: add streamable http disclaimer #390

merged 5 commits into from
Jul 23, 2025

Conversation

blva
Copy link
Collaborator

@blva blva commented Jul 22, 2025

Proposed changes

  • Adds streamable http disclaimer

Checklist

@blva blva marked this pull request as ready for review July 22, 2025 16:13
@Copilot Copilot AI review requested due to automatic review settings July 22, 2025 16:13
@blva blva requested a review from a team as a code owner July 22, 2025 16:13
Copilot
Copilot AI reviewed Jul 22, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds a security disclaimer and best practices guidance for the HTTP transport feature in the MongoDB MCP Server. The change aims to warn users about security considerations when using the streamable HTTP transport option.

  • Adds a prominent security warning about HTTP transport risks
  • Provides specific security measure recommendations for production deployments
  • References official documentation for additional security considerations

README.md
@@ -230,6 +230,18 @@ With Atlas API credentials:

#### Option 6: Running as an HTTP Server

> **⚠️ Security Notice:** This server now supports Streamable HTTP transport for remote connections. **HTTP transport is NOT recommended for production use without implementing proper authentication and security measures.**
Copy link
Preview

Copilot AI Jul 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nitpick] The term 'Streamable HTTP transport' should be consistently capitalized. Consider using 'streamable HTTP transport' (lowercase 's') to match standard technical writing conventions unless this is a proper noun or brand name.

Suggested change
> **⚠️ Security Notice:** This server now supports Streamable HTTP transport for remote connections. **HTTP transport is NOT recommended for production use without implementing proper authentication and security measures.**
> **⚠️ Security Notice:** This server now supports streamable HTTP transport for remote connections. **HTTP transport is NOT recommended for production use without implementing proper authentication and security measures.**

Copilot uses AI. Check for mistakes.

@coveralls
Copy link
Collaborator

coveralls commented Jul 22, 2025
edited
Loading

Pull Request Test Coverage Report for Build 16449772986

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.3%) to 80.495%
Totals Coverage Status
Change from base Build 16448284562: 0.3%
Covered Lines: 3110
Relevant Lines: 3826
💛 - Coveralls

@blva blva merged commit 63e794e into main Jul 23, 2025
18 checks passed
@blva blva deleted the MCP-67 branch July 23, 2025 09:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@fmenezes fmenezes fmenezes approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@blva @coveralls @fmenezes