Skip to content

Commit 8e2ec6f

Browse files
shivama205Shivam
shivama205
authored and
Shivam
committed
fix: address review feedback for accept header parsing
- Normalize media types to lowercase for case-insensitive matching per RFC 7231 - Use exact match instead of startswith to prevent over-matching - Replace headers.update with headers.pop for cleaner Accept removal in tests
1 parent 6af5bfe commit 8e2ec6f

File tree

2 files changed

+6
-10
lines changed

2 files changed

+6
-10
lines changed

src/mcp/server/streamable_http.py

Lines changed: 3 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -399,15 +399,11 @@ def _check_accept_headers(self, request: Request) -> tuple[bool, bool]:
399399
- text/* matches any text/ subtype
400400
"""
401401
accept_header = request.headers.get("accept", "")
402-
accept_types = [media_type.strip().split(";")[0].strip() for media_type in accept_header.split(",")]
402+
accept_types = [media_type.strip().split(";")[0].strip().lower() for media_type in accept_header.split(",")]
403403

404404
has_wildcard = "*/*" in accept_types
405-
has_json = has_wildcard or any(
406-
media_type.startswith(CONTENT_TYPE_JSON) or media_type == "application/*" for media_type in accept_types
407-
)
408-
has_sse = has_wildcard or any(
409-
media_type.startswith(CONTENT_TYPE_SSE) or media_type == "text/*" for media_type in accept_types
410-
)
405+
has_json = has_wildcard or any(t in (CONTENT_TYPE_JSON, "application/*") for t in accept_types)
406+
has_sse = has_wildcard or any(t in (CONTENT_TYPE_SSE, "text/*") for t in accept_types)
411407

412408
return has_json, has_sse
413409

tests/shared/test_streamable_http.py

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -574,7 +574,7 @@ def test_accept_header_validation(basic_server: None, basic_server_url: str):
574574
"""Test that Accept header is properly validated."""
575575
# Test without Accept header (suppress requests library default Accept: */*)
576576
session = requests.Session()
577-
session.headers.update({"Accept": None}) # type: ignore[arg-type]
577+
session.headers.pop("Accept")
578578
response = session.post(
579579
f"{basic_server_url}/mcp",
580580
headers={"Content-Type": "application/json"},
@@ -876,7 +876,7 @@ def test_json_response_missing_accept_header(json_response_server: None, json_se
876876
mcp_url = f"{json_server_url}/mcp"
877877
# Suppress requests library default Accept: */* header
878878
session = requests.Session()
879-
session.headers.update({"Accept": None}) # type: ignore[arg-type]
879+
session.headers.pop("Accept")
880880
response = session.post(
881881
mcp_url,
882882
headers={
@@ -1017,7 +1017,7 @@ def test_get_validation(basic_server: None, basic_server_url: str):
10171017

10181018
# Test without Accept header (suppress requests library default Accept: */*)
10191019
session = requests.Session()
1020-
session.headers.update({"Accept": None}) # type: ignore[arg-type]
1020+
session.headers.pop("Accept")
10211021
response = session.get(
10221022
mcp_url,
10231023
headers={

0 commit comments

Comments
 (0)