MLflow Tracking Server Security
MLflow 3.5.0+ includes security middleware to protect against DNS rebinding, CORS attacks, and clickjacking. These features are available with the default FastAPI-based tracking server (uvicorn).
Quick Start
Configure security based on your deployment scenario:
# Local development (secure by default)
mlflow server
# Team server
mlflow server --host 0.0.0.0 \
--allowed-hosts "mlflow.internal:5000" \
--cors-allowed-origins "https://notebook.internal"
# Production
export MLFLOW_SERVER_ALLOWED_HOSTS="mlflow.company.com"
export MLFLOW_SERVER_CORS_ALLOWED_ORIGINS="https://app.company.com"
mlflow server --host 127.0.0.1
Security Features
The tracking server includes these built-in protections:
DNS Rebinding Protection
Validates Host headers to prevent attacks on internal services
CORS Protection
Controls which web apps can access your MLflow API
Clickjacking Prevention
X-Frame-Options header controls iframe embedding
Security Headers
Automatic headers prevent MIME sniffing and XSS
Documentation
Learn how to configure and use security features:
Configuration
Configure security settings
Configure →
UI Access
Enable remote access and iframe embedding
Setup access →
Default Behavior
Security defaults are designed to be safe for local development while requiring explicit configuration for production:
| Feature | Default | Production |
|---|---|---|
| Host Validation | Localhost + private IPs | Configure specific domains |
| CORS Origins | Any localhost origin | Specific application origins |
| iframe Embedding | SAMEORIGIN | SAMEORIGIN or CSP |