MCP server rejects external host connections due to DNS rebinding protection.

[kleinmatic]

When connecting to the Glances MCP server from external hosts (not localhost), the
connection is rejected. This is caused by DNS rebinding protection added in a recent MCP Python SDK update.

Root Cause

The MCP SDK's TransportSecuritySettings validates the Host header against an allowlist,
which defaults to only localhost and 127.0.0.1. When clients like mcp-remote connect with
the actual server IP/hostname, the validation fails with "invalid host header".

Current Behavior

• Glances creates the MCP server with FastMCP.sse_app() using default settings
• No configuration option exists to customize allowed_hosts for the MCP server
• External connections are rejected regardless of authentication settings

Expected Behavior

Users should be able to configure which hosts are allowed to connect to the MCP server,
either via:

• Command-line argument (e.g., --mcp-allowed-hosts)
• Configuration file setting in glances.conf
• Or both

Steps to Reproduce

1. Start Glances with MCP enabled: glances -w --enable-mcp
2. Attempt to connect from another machine using the server's IP/hostname
3. Connection fails with "Request validation failed"

[nicolargo]

I Thanks for the issue report @kleinmatic

I will have a look as soon as possible.