
feat: add allowed-hosts flag #2254

Merged: Yuan325 merged 5 commits into main from allowed-host on Jan 8, 2026

@Yuan325 commented Jan 4, 2026 (Contributor)

Description

Previously added `allowed-origins` (for CORS) is not sufficient for preventing DNS rebinding attacks. We'll have to check host headers.

To test, run Toolbox with the following:

```
go run . --allowed-hosts=127.0.0.1:5000
```

Test with the following:

```
# curl succeeds
curl -H "Host: 127.0.0.1:5000" http://127.0.0.1:5000

# will show Invalid Host Header error
curl -H "Host: attacker:5000" http://127.0.0.1:5000
```


@Yuan325 Yuan325 requested a review from a team January 4, 2026 15:53
@gemini-code-assist


Summary of Changes

Hello @Yuan325, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the security of the Toolbox server by introducing a new --allowed-hosts flag. This flag allows administrators to specify a list of valid host headers, effectively preventing DNS rebinding attacks. The change includes the implementation of a new HTTP middleware for host validation and comprehensive updates to the documentation to guide users on its proper configuration and security implications.

Highlights

  • New allowed-hosts Flag: Introduced a new --allowed-hosts command-line flag to specify a list of permitted host headers for the server. This flag defaults to * (wildcard), allowing all hosts.
  • DNS Rebinding Protection: The primary purpose of the allowed-hosts flag is to mitigate DNS rebinding attacks by validating the Host header of incoming requests against a configured list of allowed hosts.
  • Host Header Validation Middleware: A new HostCheck HTTP middleware has been implemented to perform the host header validation. If an incoming request's host header is not in the allowed list, it will return a 400 Bad Request.
  • Documentation Updates: The documentation for deploying Toolbox on Docker, GKE, and Cloud Run, as well as the CLI reference, has been updated to reflect the new allowed-hosts flag and clarify its use in preventing DNS rebinding attacks, distinguishing it from allowed-origins (for CORS).

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request introduces an --allowed-hosts flag to mitigate DNS rebinding attacks, which is a valuable security enhancement. The implementation correctly adds the flag, the host-checking middleware, and updates relevant documentation. My review includes a suggestion to optimize the performance of the new middleware and a correction to a documentation example to ensure consistency.

Comment thread internal/server/server.go Outdated
Comment thread docs/en/how-to/deploy_gke.md Outdated
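
The Host allowlist described in this PR, set beside an Origin-only check, as an added Go example that is not the project's own code. The names `hostCheck`, `originCheck`, `probe` and the two `statusWith...` helpers are hypothetical, `originCheck` is a simplified stand-in for CORS-style enforcement, and exact case-insensitive `host:port` matching is this example's assumption; the `*` default, the 400 status and the "Invalid Host Header" text come from the page.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// hostCheck rejects any request whose Host header is not in allowed.
// A "*" entry disables the check, matching the flag default described in the PR.
// Exact, case-insensitive host:port matching is an assumption of this example.
func hostCheck(allowed []string) func(http.Handler) http.Handler {
	set := make(map[string]bool, len(allowed))
	for _, h := range allowed {
		set[strings.ToLower(strings.TrimSpace(h))] = true
	}
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			if !set["*"] && !set[strings.ToLower(r.Host)] {
				http.Error(w, "Invalid Host Header", http.StatusBadRequest)
				return
			}
			next.ServeHTTP(w, r)
		})
	}
}

// originCheck is a simplified stand-in for CORS-style enforcement: it only
// acts when the client sends an Origin header at all.
func originCheck(allowed []string) func(http.Handler) http.Handler {
	set := make(map[string]bool, len(allowed))
	for _, o := range allowed {
		set[strings.TrimSpace(o)] = true
	}
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			o := r.Header.Get("Origin")
			if o != "" && !set["*"] && !set[o] {
				http.Error(w, "origin not allowed", http.StatusForbidden)
				return
			}
			next.ServeHTTP(w, r)
		})
	}
}

// tool stands in for the protected endpoint.
var tool = http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
	fmt.Fprintln(w, "ok")
})

// probe sends one constructed GET to h, in memory, with the given Host header
// and optional Origin header, and returns the response status code.
func probe(h http.Handler, host, origin string) int {
	req := httptest.NewRequest(http.MethodGet, "http://127.0.0.1:5000/", nil)
	req.Host = host
	if origin != "" {
		req.Header.Set("Origin", origin)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func statusWithHostCheck(allowedHosts []string, host, origin string) int {
	return probe(hostCheck(allowedHosts)(tool), host, origin)
}

func statusWithOriginCheck(allowedOrigins []string, host, origin string) int {
	return probe(originCheck(allowedOrigins)(tool), host, origin)
}

func main() {
	hosts := []string{"127.0.0.1:5000"}
	origins := []string{"http://127.0.0.1:5000"}

	// Constructed case: a page served from a rebound name issues a same-origin
	// GET. Browsers typically omit Origin on such requests, so the Origin
	// check has nothing to evaluate, while Host still carries the foreign name.
	fmt.Println("origin check, rebound Host, no Origin:",
		statusWithOriginCheck(origins, "attacker:5000", ""))
	fmt.Println("host check,   rebound Host, no Origin:",
		statusWithHostCheck(hosts, "attacker:5000", ""))

	// The two curl cases from the PR description.
	fmt.Println("host check,   Host 127.0.0.1:5000:",
		statusWithHostCheck(hosts, "127.0.0.1:5000", ""))

	// The wildcard default leaves the server accepting any Host.
	fmt.Println("host check,   allowed-hosts=*:",
		statusWithHostCheck([]string{"*"}, "attacker:5000", ""))
}
```

Deployments that keep the `*` default get no Host validation, so the allowlist should name every `host:port` clients legitimately use to reach the server.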
@Yuan325 added the priority: p0 and release candidate labels Jan 5, 2026
Comment thread docs/en/reference/cli.md Outdated
@Yuan325 Yuan325 enabled auto-merge (squash) January 8, 2026 18:55
@Yuan325 Yuan325 merged commit 17b41f6 into main Jan 8, 2026
13 checks passed
@Yuan325 Yuan325 deleted the allowed-host branch January 8, 2026 19:42
github-actions Bot commented Jan 8, 2026

🧨 Preview deployments removed.

github-actions Bot pushed a commit that referenced this pull request Jan 8, 2026
17b41f6
github-actions Bot pushed a commit to renovate-bot/googleapis-_-genai-toolbox that referenced this pull request Jan 8, 2026
17b41f6
Yuan325 added a commit that referenced this pull request Jan 8, 2026
🤖 I have created a release *beep* *boop*
---


## [0.25.0](v0.24.0...v0.25.0) (2026-01-08)


### Features

* Add `embeddingModel` support
([#2121](#2121))
([9c62f31](9c62f31))
* Add `allowed-hosts` flag
([#2254](#2254))
([17b41f6](17b41f6))
* Add parameter default value to manifest
([#2264](#2264))
([9d1feca](9d1feca))
* **snowflake:** Add Snowflake Source and Tools
([#858](#858))
([b706b5b](b706b5b))
* **prebuilt/cloud-sql-mysql:** Update CSQL MySQL prebuilt tools to use
IAM ([#2202](#2202))
([731a32e](731a32e))
* **sources/bigquery:** Make credentials scope configurable
([#2210](#2210))
([a450600](a450600))
* **sources/trino:** Add ssl verification options and fix docs example
([#2155](#2155))
([4a4cf1e](4a4cf1e))
* **tools/looker:** Add ability to set destination folder with
`make_look` and `make_dashboard`.
([#2245](#2245))
([eb79339](eb79339))
* **tools/postgressql:** Add tool to list store procedure
([#2156](#2156))
([cf0fc51](cf0fc51))
* **tools/postgressql:** Add Parameter `embeddedBy` config support
([#2151](#2151))
([17b70cc](17b70cc))


### Bug Fixes

* **server:** Add `embeddingModel` config initialization
([#2281](#2281))
([a779975](a779975))
* **sources/cloudgda:** Add import for cloudgda source
([#2217](#2217))
([7daa411](7daa411))
* **tools/alloydb-wait-for-operation:** Fix connection message
generation
([#2228](#2228))
([7053fbb](7053fbb))
* **tools/alloydbainl:** Only add psv when NL Config Param is defined
([#2265](#2265))
([ef8f3b0](ef8f3b0))
* **tools/looker:** Looker client OAuth nil pointer error
([#2231](#2231))
([268700b](268700b))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

---------

Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>
github-actions Bot pushed a commit that referenced this pull request Jan 8, 2026
41b518b
github-actions Bot pushed a commit to Jaleel-zhu/genai-toolbox that referenced this pull request Jan 8, 2026
41b518b
github-actions Bot pushed a commit to azaj01/genai-toolbox that referenced this pull request Jan 9, 2026
41b518b
github-actions Bot pushed a commit to renovate-bot/googleapis-_-genai-toolbox that referenced this pull request Jan 9, 2026
41b518b
rahulpinto19 pushed a commit that referenced this pull request Jan 9, 2026
rahulpinto19 pushed a commit that referenced this pull request Jan 9, 2026
github-actions Bot pushed a commit to SaxenaAnushka102/genai-toolbox that referenced this pull request Jan 9, 2026
41b518b
github-actions Bot pushed a commit to Ganga4060/genai-toolbox that referenced this pull request Jan 9, 2026
41b518b
github-actions Bot pushed a commit to divitwork/genai-toolbox that referenced this pull request Jan 9, 2026
41b518b
divitwork pushed a commit to divitwork/genai-toolbox that referenced this pull request Jan 9, 2026
divitwork pushed a commit to divitwork/genai-toolbox that referenced this pull request Jan 9, 2026
divitwork pushed a commit to divitwork/genai-toolbox that referenced this pull request Jan 9, 2026
divitwork pushed a commit to divitwork/genai-toolbox that referenced this pull request Jan 9, 2026
github-actions Bot pushed a commit to CrazyForks/genai-toolbox that referenced this pull request Jan 9, 2026
github-actions Bot pushed a commit to bhardwajRahul/genai-toolbox that referenced this pull request Jan 10, 2026
vinodhinic pushed a commit to vinodhinic/genai-toolbox that referenced this pull request Jan 14, 2026
vinodhinic pushed a commit to vinodhinic/genai-toolbox that referenced this pull request Jan 14, 2026
mahlevanshika pushed a commit to mahlevanshika/genai-toolbox that referenced this pull request Jan 22, 2026
mahlevanshika pushed a commit to mahlevanshika/genai-toolbox that referenced this pull request Jan 22, 2026
NightStack15 added a commit to NightStack15/googleapis-_-genai-toolbox that referenced this pull request Mar 20, 2026

Labels

- priority: p0 (Highest priority. Critical issue. P0 implies highest priority.)
- release candidate (Use label to signal PR should be included in the next release.)
