MCPSafe.io

Security checks for MCP servers — public packages and private repos, fast or deep.

© 2026 MCPSafe. All rights reserved.

Configuration & Environment

Consent cookie missing security attributes

Severity: MEDIUM | CWE: CWE-1004 | Rule: MCP-263

An MCP proxy stores OAuth consent in a cookie that lacks the `__Host-` prefix and/or `Secure` / `HttpOnly` / `SameSite` attributes — failing all four hardening MUSTs in the MCP security best practices.

What it is

The official MCP spec lists four MUSTs for consent-tracking cookies: `__Host-` prefix (forces Secure, no Domain attribute, Path=/), `Secure`, `HttpOnly`, and `SameSite`. Each is a discrete remediation step; missing any of them is a finding in its own right. The `__Host-` prefix is the most important because it eliminates an entire class of subdomain-takeover attacks.
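The four MUSTs above can be checked on the wire as well as in source. The following is an added example (not MCPSafe's scanner): it parses the `Set-Cookie` headers an MCP proxy returns, applies the four requirements to any cookie whose name looks consent/session related, and additionally verifies the conditions under which browsers actually honour the `__Host-` prefix (`Secure` set, no `Domain`, `Path=/`). The sample headers are constructed to match what the vulnerable and hardened handlers shown further down would emit.

```python
# Added example (not MCPSafe's code): audit Set-Cookie headers against the four
# consent-cookie MUSTs. Stdlib only; the sample headers below are constructed.
from __future__ import annotations

SENSITIVE_NAMES = ("consent", "oauth", "session", "state", "auth", "csrf")


def parse_set_cookie(header_value: str) -> tuple[str, dict[str, str]]:
    """Split 'name=value; Attr; Attr=val' into the cookie name and a lower-cased attribute map."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs: dict[str, str] = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def check_consent_cookie(header_value: str) -> list[str]:
    """Return every hardening requirement the cookie fails (empty list means compliant)."""
    name, attrs = parse_set_cookie(header_value)
    failures: list[str] = []
    if not name.startswith("__Host-"):
        failures.append("missing __Host- prefix")
    else:
        # Browsers only honour __Host- when Secure is set, no Domain is given and Path=/.
        if "domain" in attrs:
            failures.append("__Host- cookie must not set Domain")
        if attrs.get("path") != "/":
            failures.append("__Host- cookie must set Path=/")
    if "secure" not in attrs:
        failures.append("missing Secure")
    if "httponly" not in attrs:
        failures.append("missing HttpOnly")
    samesite = attrs.get("samesite", "").lower()
    if not samesite:
        failures.append("missing SameSite")
    elif samesite == "none":
        failures.append("SameSite=None gives no cross-site protection")
    return failures


def is_sensitive(name: str) -> bool:
    """Case-insensitive substring match on the sensitive-name list used by the rule."""
    lowered = name.lower()
    return any(s in lowered for s in SENSITIVE_NAMES)


def audit_response_headers(headers: list[tuple[str, str]]) -> dict[str, list[str]]:
    """Run the check over every Set-Cookie header whose cookie name looks sensitive."""
    report: dict[str, list[str]] = {}
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, _ = parse_set_cookie(value)
        if is_sensitive(name):
            report[name] = check_consent_cookie(value)
    return report


# Constructed sample: what the vulnerable and hardened handlers on this page would emit.
SAMPLE_HEADERS = [
    ("Content-Type", "application/json"),
    ("Set-Cookie", "consent_id=abc123; Path=/"),
    ("Set-Cookie", "__Host-consent=abc123; Max-Age=600; Path=/; SameSite=lax; Secure; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/"),  # not a sensitive name, ignored
]

if __name__ == "__main__":
    for cookie, failures in audit_response_headers(SAMPLE_HEADERS).items():
        print(cookie, "->", failures or "OK")
```

Each failure maps to one of the four remediation steps, so a single non-compliant cookie yields up to four findings, the same per-protection granularity the rule description below uses. Point `audit_response_headers` at the header list of a captured HTTP response to run it against a real proxy.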

Why it matters for MCP

OAuth consent cookies are the durable state that lets a user not have to re-approve every flow. Their compromise is high-value. Setting all four attributes is cheap, well-understood, and mandated by spec.

Vulnerable example

example.py

```python
from fastapi import FastAPI, Response

app = FastAPI()

@app.post("/consent")
def consent(response: Response, value: str) -> dict:
    response.set_cookie("consent_id", value)  # No prefix, no attrs.
    return {"ok": True}
```

Secure example

example.py

```python
from fastapi import FastAPI, Response

app = FastAPI()

@app.post("/consent")
def consent(response: Response, value: str) -> dict:
    # __Host- requires Secure, no Domain and Path=/; set_cookie defaults path to "/".
    response.set_cookie(
        "__Host-consent",
        value,
        secure=True,
        httponly=True,
        samesite="lax",
        max_age=600,
    )
    return {"ok": True}
```

How MCPSafe detects this

Four sub-rules, each reported per occurrence. The rule fires on `set_cookie` / `res.cookie` / `response.cookie` calls with sensitive cookie names (`consent` / `oauth` / `session` / `state` / `auth` / `csrf`) and reports each missing protection independently:

  1. name without the `__Host-` prefix;
  2. call body without `Secure` / `secure`;
  3. call body without `HttpOnly` / `httpOnly` / `httponly`;
  4. call body without `SameSite` / `sameSite` / `samesite`.
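The sub-rules above describe a static check over the call site. As an added example, not MCPSafe's own scanner, here is a minimal Python-only version built on the standard `ast` module: it locates `set_cookie` calls, filters on the sensitive-name list, and emits one finding per missing protection with the file and line number. The `res.cookie` / `response.cookie` forms the rule also covers are JavaScript idioms and would need a JavaScript parser; they are left out here. The two source samples are the vulnerable and secure handlers from this page, embedded as constructed input.

```python
# Added example (not MCPSafe's code): static check mirroring the four sub-rules
# for Python code that calls response.set_cookie. Stdlib only.
from __future__ import annotations

import ast

SENSITIVE_NAMES = ("consent", "oauth", "session", "state", "auth", "csrf")
COOKIE_SETTERS = ("set_cookie",)  # JS setters (res.cookie / response.cookie) need a JS parser


def _cookie_name(call: ast.Call) -> str | None:
    """Return the literal cookie name passed to the call, or None when it is not a string constant."""
    if call.args and isinstance(call.args[0], ast.Constant) and isinstance(call.args[0].value, str):
        return call.args[0].value
    for kw in call.keywords:
        if kw.arg == "key" and isinstance(kw.value, ast.Constant) and isinstance(kw.value.value, str):
            return kw.value.value
    return None


def _keyword_is_set(call: ast.Call, name: str) -> bool:
    """True when the keyword is passed with a non-False, non-None literal; a non-literal is assumed set."""
    for kw in call.keywords:
        if kw.arg == name:
            if isinstance(kw.value, ast.Constant):
                return kw.value.value not in (False, None)
            return True  # a variable or expression; cannot decide statically, do not flag
    return False


def scan_source(source: str, filename: str = "<constructed>") -> list[str]:
    """Report every missing protection on each sensitive set_cookie call, one finding per sub-rule."""
    findings: list[str] = []
    for node in ast.walk(ast.parse(source, filename)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr in COOKIE_SETTERS):
            continue
        name = _cookie_name(node)
        if name is None or not any(s in name.lower() for s in SENSITIVE_NAMES):
            continue
        where = f"{filename}:{node.lineno}"
        if not name.startswith("__Host-"):
            findings.append(f"{where} cookie {name!r} lacks __Host- prefix")
        for kw, label in (("secure", "Secure"), ("httponly", "HttpOnly"), ("samesite", "SameSite")):
            if not _keyword_is_set(node, kw):
                findings.append(f"{where} cookie {name!r} missing {label}")
    return findings


# Constructed inputs: the vulnerable and secure handlers from this page.
VULNERABLE_SRC = '''
@app.post("/consent")
def consent(response, value):
    response.set_cookie("consent_id", value)  # No prefix, no attrs.
    return {"ok": True}
'''

SECURE_SRC = '''
@app.post("/consent")
def consent(response, value):
    response.set_cookie(
        "__Host-consent",
        value,
        secure=True,
        httponly=True,
        samesite="lax",
        max_age=600,
    )
    return {"ok": True}
'''

if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE_SRC), ("secure", SECURE_SRC)):
        print(label, "->", scan_source(src) or "no findings")
```

Because each protection is reported separately, the vulnerable handler produces four findings on one line while the secure handler produces none. A keyword whose value is a variable rather than a literal is not flagged, which keeps the check free of false positives at the cost of missing `secure=False` routed through a variable; a real scanner would follow that value.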

See the full threat catalog for every documented detection.

Further reading

  • MCP Security Best Practices — Consent Cookie
  • CWE-1004: Sensitive Cookie Without HttpOnly

Scan an MCP server for this issue

MCPSafe runs this check — and every other rule in the catalog — on any MCP server you paste in.
