Send SEP-2243 Mcp-Method/Mcp-Name headers from the StreamableHTTP client#2730
Open
vidigoat wants to merge 1 commit into
Open
Send SEP-2243 Mcp-Method/Mcp-Name headers from the StreamableHTTP client#2730vidigoat wants to merge 1 commit into
vidigoat wants to merge 1 commit into
Conversation
vidigoat
force-pushed
the
fix/sep-2243-mcp-post-headers
branch
from
1732572 to
8f1d353
Compare
Per SEP-2243, MCP clients should send routing headers on POST requests so spec-compliant servers and intermediaries can route without parsing the JSON-RPC body. The StreamableHTTP client did not send them. Add Mcp-Method (the JSON-RPC method, for requests and notifications) and Mcp-Name (params.name for tools and prompts, else params.uri for resources) to outgoing POST headers. Mcp-Name values are encoded per the SEP-2243 value rules: safe printable-ASCII values are sent unchanged, while non-ASCII, control characters, or significant leading/trailing whitespace are wrapped as =?base64?<b64>?=. Besides matching the spec, this prevents a UnicodeEncodeError when a tool name or URI contains non-ASCII characters, and neutralizes header injection via CR/LF. Responses and errors, which have no method, send neither header. Fixes modelcontextprotocol#2715
vidigoat
force-pushed
the
fix/sep-2243-mcp-post-headers
branch
from
8f1d353 to
5fb16c8
Compare
Author
|
Updated to also apply SEP-2243's value-encoding rules to |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #2715. Per SEP-2243 (accepted — see the draft changelog), the Streamable HTTP transport requires
Mcp-MethodandMcp-Nameheaders on POST requests so servers/intermediaries can route without parsing the JSON-RPC body. The Python client did not send them.Changes
_set_mcp_request_headers()sets, for outgoing POST messages:Mcp-Method: the JSON-RPC method — for requests and notificationsMcp-Name:params.name(tools/prompts) or, when absent,params.uri(resources)_encode_mcp_header_value()applies the SEP-2243 value-encoding rules toMcp-Name: safe printable-ASCII values pass through; non-ASCII, control characters, or significant leading/trailing whitespace are wrapped as=?base64?<b64>?=(matching the spec's examples).The encoding is not just spec-compliance — without it, a tool name/URI containing non-ASCII raises
UnicodeEncodeErrorand breaks the request, and a value containing CR/LF is a header-injection vector. Verified both:cafénow sends as=?base64?Y2Fmw6k=?=and is accepted by httpx;"a\r\nEvil: 1"is base64-wrapped.The broader
x-mcp-headercustom-header part of SEP-2243 is intentionally out of scope here (separate feature); this PR covers theMcp-Method/Mcp-Namerequirement from #2715.Tests
test_set_mcp_request_headers— request withname, withuri, no params, non-stringname, notification, response, error, and a non-ASCII name (end-to-end encoding).test_encode_mcp_header_value— passthrough + each base64 trigger (non-ASCII, whitespace, control char, sentinel collision), using SEP-2243's own example values.Full
tests/shared/test_streamable_http.pypasses (76 tests);ruffandpyrightclean.