modelcontextprotocol · pcarleton · Jan 22, 2026 · Jan 22, 2026 · Jan 22, 2026 · Jan 22, 2026
diff --git a/examples/servers/typescript/README.md b/examples/servers/typescript/README.md
@@ -170,3 +170,21 @@ If you're implementing MCP in another language/SDK:
 5. **Handle Notifications Carefully**: Catch/ignore errors when no client is connected
 
 **Goal**: All SDK example servers provide the same interface, enabling a single test suite to verify conformance across all implementations.
+
+## Negative Test Cases
+
+### no-dns-rebinding-protection.ts
+
+A minimal MCP server that intentionally omits DNS rebinding protection. This is a **negative test case** that demonstrates what a vulnerable server looks like and is expected to **FAIL** the `dns-rebinding-protection` conformance scenario.
+
+```bash
+# Run the vulnerable server
+npx tsx no-dns-rebinding-protection.ts
+
+# This should FAIL the dns-rebinding-protection checks
+npx @modelcontextprotocol/conformance server \
+  --url http://localhost:3003/mcp \
+  --scenario dns-rebinding-protection
+```
+
+**DO NOT** use this pattern in production servers. Always use `createMcpExpressApp()` or the `localhostHostValidation()` middleware for localhost servers.
diff --git a/examples/servers/typescript/everything-server.ts b/examples/servers/typescript/everything-server.ts
@@ -18,6 +18,7 @@ import {
   EventId,
   StreamId
 } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
+import { createMcpExpressApp } from '@modelcontextprotocol/sdk/server/express.js';
 import {
   ElicitResultSchema,
   ListToolsRequestSchema,
@@ -26,7 +27,6 @@ import {
 } from '@modelcontextprotocol/sdk/types.js';
 import { zodToJsonSchema } from 'zod-to-json-schema';
 import { z } from 'zod';
-import express from 'express';
 import cors from 'cors';
 import { randomUUID } from 'crypto';
 
@@ -1055,8 +1055,8 @@ function isInitializeRequest(body: any): boolean {
 
 // ===== EXPRESS APP =====
 
-const app = express();
-app.use(express.json());
+// Use createMcpExpressApp for DNS rebinding protection on localhost
+const app = createMcpExpressApp();
 
 // Configure CORS to expose Mcp-Session-Id header for browser-based clients
 app.use(

diff --git a/examples/servers/typescript/no-dns-rebinding-protection.ts b/examples/servers/typescript/no-dns-rebinding-protection.ts
@@ -0,0 +1,64 @@
+#!/usr/bin/env node
+
+/**
+ * MCP Server WITHOUT DNS Rebinding Protection - Negative Test Case
+ *
+ * This is the simplest possible vulnerable server to demonstrate what happens
+ * when DNS rebinding protection is omitted. DO NOT use this pattern in production.
+ *
+ * This server should FAIL the dns-rebinding-protection conformance scenario.
+ */
+
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
+import express from 'express';
+
+// Create minimal MCP server
+const server = new McpServer({
+  name: 'no-dns-rebinding-protection-server',
+  version: '1.0.0'
+});
+
+// Add a simple tool
+server.tool(
+  'echo',
+  'Echo the input back',
+  { message: { type: 'string' } },
+  async ({ message }) => ({
+    content: [{ type: 'text', text: `Echo: ${message}` }]
+  })
+);
+
+// === VULNERABLE EXPRESS APP ===
+// This intentionally does NOT use createMcpExpressApp() or localhostHostValidation()
+const app = express();
+app.use(express.json());
+// NO DNS rebinding protection middleware here!
+
+app.post('/mcp', async (req, res) => {
+  try {
+    // Stateless: no session ID
+    const transport = new StreamableHTTPServerTransport({
+      sessionIdGenerator: undefined
+    });
+    await server.connect(transport);
+    await transport.handleRequest(req, res, req.body);
+  } catch (error) {
+    if (!res.headersSent) {
+      res.status(500).json({
+        jsonrpc: '2.0',
+        error: {
+          code: -32603,
+          message: `Internal error: ${error instanceof Error ? error.message : String(error)}`
+        },
+        id: null
+      });
+    }
+  }
+});
+
+const PORT = parseInt(process.env.PORT || '3003', 10);
+app.listen(PORT, '127.0.0.1', () => {
+  console.log(`Vulnerable server running on http://localhost:${PORT}/mcp`);
+  console.log(`WARNING: No DNS rebinding protection enabled!`);
+});
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -50,6 +50,7 @@
     "eventsource-parser": "^3.0.6",
     "express": "^5.1.0",
     "jose": "^6.1.2",
+    "undici": "^7.19.0",
     "yaml": "^2.8.2",
     "zod": "^3.25.76"
   }

diff --git a/src/scenarios/index.ts b/src/scenarios/index.ts
@@ -51,6 +51,8 @@ import {
   PromptsGetWithImageScenario
 } from './server/prompts';
 
+import { DNSRebindingProtectionScenario } from './server/dns-rebinding';
+
 import { authScenariosList } from './client/auth/index';
 import { listMetadataScenarios } from './client/auth/discovery-metadata';
 
@@ -123,7 +125,10 @@ const allClientScenariosList: ClientScenario[] = [
   new PromptsGetSimpleScenario(),
   new PromptsGetWithArgsScenario(),
   new PromptsGetEmbeddedResourceScenario(),
-  new PromptsGetWithImageScenario()
+  new PromptsGetWithImageScenario(),
+
+  // Security scenarios
+  new DNSRebindingProtectionScenario()
 ];
 
 // Active client scenarios (excludes pending)