From a2064502b9eba380483c666adf2e142abd6ec368 Mon Sep 17 00:00:00 2001
From: kissrobber <kissrobber@gmail.com>
Date: Wed, 16 Apr 2025 13:34:48 +0900
Subject: [PATCH] add --allow-http flag

---
 README.md        | 10 ++++++++++
 src/lib/utils.ts |  4 +++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 6204bf3..29a1fbc 100644
--- a/README.md
+++ b/README.md
@@ -104,6 +104,16 @@ To bypass authentication, or to emit custom headers on all requests to your remo
       ]
 ```
 
+* To allow HTTP connections in trusted private networks, add the `--allow-http` flag. Note: This should only be used in secure private networks where traffic cannot be intercepted.
+
+```json
+      "args": [
+        "mcp-remote",
+        "http://internal-service.vpc/sse",
+        "--allow-http"
+      ]
+```
+
 ### Claude Desktop
 
 [Official Docs](https://modelcontextprotocol.io/quickstart/user)
diff --git a/src/lib/utils.ts b/src/lib/utils.ts
index 51c085f..40c744d 100644
--- a/src/lib/utils.ts
+++ b/src/lib/utils.ts
@@ -299,6 +299,7 @@ export async function parseCommandLineArgs(args: string[], defaultPort: number,
 
   const serverUrl = args[0]
   const specifiedPort = args[1] ? parseInt(args[1]) : undefined
+  const allowHttp = args.includes('--allow-http')
 
   if (!serverUrl) {
     log(usage)
@@ -308,7 +309,8 @@ export async function parseCommandLineArgs(args: string[], defaultPort: number,
   const url = new URL(serverUrl)
   const isLocalhost = (url.hostname === 'localhost' || url.hostname === '127.0.0.1') && url.protocol === 'http:'
 
-  if (!(url.protocol == 'https:' || isLocalhost)) {
+  if (!(url.protocol == 'https:' || isLocalhost || allowHttp)) {
+    log('Error: Non-HTTPS URLs are only allowed for localhost or when --allow-http flag is provided')
     log(usage)
     process.exit(1)
   }