adityamparikh opened a new pull request, #126: URL: https://github.com/apache/solr-mcp/pull/126
## Summary Adds \`docs/security/http.md\` as the companion to \`docs/security/stdio.md\` (#119). Documents the secured filter chain, JWT validation rules, audience binding via RFC 8707 resource indicators, CORS allowlist, actuator exposure decisions, and per-IdP setup notes for Auth0, Okta, and Keycloak — including [Keycloak's RFC 8707 limitation and Audience-mapper workaround](https://www.keycloak.org/securing-apps/mcp-authz-server). Pure documentation; no code changes. ## Test plan - [x] Markdown renders correctly on GitHub (tables, code blocks, blockquotes, links) - [x] All external links resolve - [x] No code paths touched; CI unaffected ## Related PRs This doc describes the security model after #120, #121, #123, #124, #125 land. The doc is forward-looking — operators reading it will be running the code those PRs land on. Filed in parallel so it's ready to merge once the implementation PRs land. 🤖 Generated with [Claude Code](https://claude.com/claude-code) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
