diff --git a/src/mcp_app/main.py b/src/mcp_app/main.py
index 926ed33..7e8fd02 100644
--- a/src/mcp_app/main.py
+++ b/src/mcp_app/main.py
@@ -45,7 +45,7 @@ def get_host_and_port() -> tuple[str, int]:
     if config and config.server and config.server.transport and config.server.transport.http:
         http_config = config.server.transport.http
         return http_config.host, http_config.port
-    return "127.0.0.1", 8080
+    return "0.0.0.0", 8080  # noqa: S104
 
 
 def main() -> None:
diff --git a/src/mcp_app/middlewares/jwt_validation.py b/src/mcp_app/middlewares/jwt_validation.py
index 329fd1c..8528340 100644
--- a/src/mcp_app/middlewares/jwt_validation.py
+++ b/src/mcp_app/middlewares/jwt_validation.py
@@ -275,6 +275,14 @@ def _check_condition(self, condition: str, payload: dict[str, Any]) -> bool:
             if field.startswith("payload_['") and field.endswith("']"):
                 key = field[10:-2]  # Remove "payload_['" and "']"
                 return payload.get(key) == value
+        elif " in " in condition:
+            value, field = condition.split(" in ", 1)
+            value = value.strip().strip('"').strip("'")
+            field = field.strip()
+            if field.startswith("payload."):
+                key = field[8:]  # Remove "payload."
+                field_value = payload.get(key)
+                return isinstance(field_value, list) and value in field_value
         elif ".endswith(" in condition and condition.endswith(")"):
             parts = condition.split(".endswith(", 1)
             if len(parts) == ENDSWITH_PARTS_COUNT and parts[0].startswith("payload."):
diff --git a/tests/test_jwt_validation.py b/tests/test_jwt_validation.py
index 05e1ad7..ca2d216 100644
--- a/tests/test_jwt_validation.py
+++ b/tests/test_jwt_validation.py
@@ -476,8 +476,13 @@ def test_check_condition_endswith() -> None:
     result = middleware._check_condition("payload.email.endswith('@example.com')", payload)
     assert result is True
 
-    result = middleware._check_condition("payload.email.endswith('@bad.com')", payload)
-    assert result is False
+
+def test_check_condition_in() -> None:
+    """Test _check_condition with in condition."""
+    middleware = JWTValidationMiddleware(MagicMock())
+    payload = {"aud": ["mcp.bercianor", "other"]}
+    result = middleware._check_condition('"mcp.bercianor" in payload.aud', payload)
+    assert result is True
 
 
 def test_check_condition_error() -> None:
diff --git a/tests/test_main.py b/tests/test_main.py
index cffbe27..cb08b5f 100644
--- a/tests/test_main.py
+++ b/tests/test_main.py
@@ -114,7 +114,7 @@ def test_main_http_function(mock_uvicorn_run: MagicMock) -> None:
 def test_get_host_and_port_no_config() -> None:
     """Test get_host_and_port with no config."""
     host, port = get_host_and_port()
-    assert host == "127.0.0.1"
+    assert host == "0.0.0.0"  # noqa: S104
     assert port == PORT_DEFAULT