
chore: add streamable http disclaimer #390

Merged
merged 5 commits into from
Jul 23, 2025
12 changes: 12 additions & 0 deletions README.md
Expand Up @@ -230,6 +230,18 @@ With Atlas API credentials:

#### Option 6: Running as an HTTP Server

> **⚠️ Security Notice:** This server now supports Streamable HTTP transport for remote connections. **HTTP transport is NOT recommended for production use without implementing proper authentication and security measures.**

Copilot AI Jul 22, 2025

[nitpick] The term 'Streamable HTTP transport' should be consistently capitalized. Consider using 'streamable HTTP transport' (lowercase 's') to match standard technical writing conventions unless this is a proper noun or brand name.

Suggested change
> **⚠️ Security Notice:** This server now supports Streamable HTTP transport for remote connections. **HTTP transport is NOT recommended for production use without implementing proper authentication and security measures.**
> **⚠️ Security Notice:** This server now supports streamable HTTP transport for remote connections. **HTTP transport is NOT recommended for production use without implementing proper authentication and security measures.**


**Suggested Security Measures Examples:**

- Implement authentication (e.g., API gateway, reverse proxy)
- Use HTTPS/TLS encryption
- Deploy behind a firewall or in private networks
- Implement rate limiting
- Never expose directly to the internet

For more details, see [MCP Security Best Practices](https://modelcontextprotocol.io/docs/concepts/transports#security-considerations).

You can run the MongoDB MCP Server as an HTTP server instead of the default stdio transport. This is useful if you want to interact with the server over HTTP, for example from a web client or to expose the server on a specific port.

To start the server with HTTP transport, use the `--transport http` option:
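
Review bot: The bullet "Implement authentication (e.g., API gateway, reverse proxy)" in the added measures list names places to put a control rather than stating what the server itself does, and the notice never says whether the HTTP transport authenticates requests on its own or which address it listens on. Suggest stating both in the notice so a reader knows what is reachable once `--transport http` is used. The unchanged paragraph that follows still describes this option as a way "to expose the server on a specific port", which reads against the new "Never expose directly to the internet" bullet; consider rewording it or moving the notice below that paragraph so the option is introduced before it is qualified. The heading "Suggested Security Measures Examples" would also read better as "Suggested security measures".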