docs: make DNS rebinding protection more prominent in server.md

[pcarleton]

Summary

Make DNS rebinding protection guidance more prominent in docs/server.md to help developers secure localhost MCP servers.

Changes

1. Added WARNING callout after the first Streamable HTTP example (NodeStreamableHTTPServerTransport) with links to the recommended alternatives.

2. Expanded DNS rebinding section with:

   • Context on what DNS rebinding attacks are and why they matter
   • Explicit recommendation that all localhost MCP servers should use DNS rebinding protection
   • Mention of createMcpHonoApp() for Hono/Web Standard runtimes alongside the existing Express example
   • Guidance for custom framework users to implement Host header validation themselves

[changeset-bot]

⚠️ No Changeset found

Latest commit: 8cd92e4

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[pkg-pr-new]

Open in StackBlitz

@modelcontextprotocol/client

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/client@1586

@modelcontextprotocol/server

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/server@1586

@modelcontextprotocol/express

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/express@1586

@modelcontextprotocol/hono

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/hono@1586

@modelcontextprotocol/node

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/node@1586

commit: 8cd92e4