app

by Cronos402

Overview

This server acts as a web application and payment gateway for the Cronos blockchain, enabling users to discover and pay for AI services offered by Model Context Protocol (MCP) servers, and allowing developers to register and monetize their own MCP servers.

Installation

Run Command
pnpm dev

Environment Variables

  • NODE_ENV
  • NEXT_PUBLIC_AUTH_URL
  • NEXT_PUBLIC_MCP2_URL
  • NEXT_PUBLIC_MCP_PROXY_URL
  • NEXT_PUBLIC_MCP_DATA_URL
  • NEXT_PUBLIC_API2_URL
  • NEXT_PUBLIC_FACILITATOR_URL
  • NEXT_PUBLIC_WALLETCONNECT_PROJECT_ID
  • NEXT_PUBLIC_MCP_SERVER_URL

Security Notes

The `/api/mcp-proxy` endpoint acts as a forwarding proxy. It takes a `target-url` parameter, which is base64-decoded and then fetched without further host validation. This is a critical Server-Side Request Forgery (SSRF) vulnerability, allowing an authenticated attacker to make arbitrary requests from the server's context, potentially probing internal networks or sensitive external services. Additionally, while the `getValidOrigin` function attempts to restrict `Access-Control-Allow-Origin` in production, its fallback to `*` if no valid origin is found, combined with `credentials: 'include'` in fetch requests, could lead to unexpected cross-origin issues if not correctly protected by authentication at all layers. The general use of `credentials: 'include'` across various API calls increases the surface for CSRF if anti-CSRF tokens are not robustly implemented elsewhere.

Stats

  • Interest Score: 0
  • Security Score: 3
  • Cost Class: Medium
  • Stars: 0
  • Forks: 0
  • Last Update: 2026-01-16

Tags

  • Cronos
  • MCP
  • Payment Gateway
  • AI Services
  • Web App