Skip to content

fix(server): reject userinfo in Origin and Host headers#2490

Open
morluto wants to merge 2 commits into
modelcontextprotocol:mainfrom
morluto:fix/reject-header-userinfo
Open

fix(server): reject userinfo in Origin and Host headers#2490
morluto wants to merge 2 commits into
modelcontextprotocol:mainfrom
morluto:fix/reject-header-userinfo

Conversation

@morluto

@morluto morluto commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

Fixes #2489.

Summary

Reject Origin and Host header values containing URL userinfo before matching their hostnames against an allowlist.

The validators previously compared only the hostname returned by URL. Because URL parsing removes userinfo components, values such as http://user@localhost, http://@localhost, and user@localhost:3000 were normalized to the allowlisted hostname localhost.

What changed

  • Reject the raw @ userinfo delimiter before matching the parsed hostname against an allowlist.
  • Return invalid_origin_header or invalid_host_header when the delimiter is present.
  • Add direct regression coverage for empty, username, and username/password forms.
  • Verify the public response helpers return HTTP 403.
  • Preserve valid hostname, port, IPv4, and bracketed IPv6 behavior.

The shared server helpers are consumed by the Node, Express, Fastify, and Hono middleware, so the adapters inherit the corrected parsing behavior without adapter-specific changes.

Behavior and scope

This prevents invalid Origin and Host syntax from being normalized into an allowlisted hostname.

Browsers do not normally emit userinfo in Origin or permit JavaScript to set Host directly, so this change is scoped as parser-boundary hardening rather than a demonstrated browser exploit. Valid hostname, port, IPv4, and bracketed IPv6 forms remain unchanged.

How has this been tested?

  • Before the fix, the focused regression suite had four failures: both direct validators accepted userinfo, and both response helpers omitted the HTTP 403 rejection.
  • pnpm --filter @modelcontextprotocol/server exec vitest run test/server/originValidation.test.ts test/server/hostHeaderValidation.test.ts — 12 tests passed.
  • pnpm --filter @modelcontextprotocol/server test — 470 tests passed.
  • pnpm --filter @modelcontextprotocol/node exec vitest run test/validation.test.ts — 5 tests passed.
  • pnpm --filter @modelcontextprotocol/server build
  • ESLint and Prettier checks for all changed files.

Breaking changes

None. Valid Origin and Host values retain their existing behavior.

Types of changes

  • Bug fix (non-breaking change)
  • New feature
  • Breaking change
  • Documentation update

Checklist

  • I have read the MCP documentation.
  • My code follows the repository's style guidelines.
  • New and existing tests pass locally.
  • I have added appropriate error handling.
  • I added a patch changeset.

@morluto morluto requested a review from a team as a code owner July 14, 2026 00:42
@changeset-bot

changeset-bot Bot commented Jul 14, 2026

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: 58451de

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 6 packages
Name Type
@modelcontextprotocol/server Patch
@modelcontextprotocol/core Patch
@modelcontextprotocol/client Patch
@modelcontextprotocol/server-legacy Patch
@modelcontextprotocol/codemod Patch
@modelcontextprotocol/core-internal Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@pkg-pr-new

pkg-pr-new Bot commented Jul 14, 2026

Copy link
Copy Markdown

Open in StackBlitz

@modelcontextprotocol/client

npm i https://pkg.pr.new/@modelcontextprotocol/client@2490

@modelcontextprotocol/codemod

npm i https://pkg.pr.new/@modelcontextprotocol/codemod@2490

@modelcontextprotocol/core

npm i https://pkg.pr.new/@modelcontextprotocol/core@2490

@modelcontextprotocol/server

npm i https://pkg.pr.new/@modelcontextprotocol/server@2490

@modelcontextprotocol/server-legacy

npm i https://pkg.pr.new/@modelcontextprotocol/server-legacy@2490

@modelcontextprotocol/express

npm i https://pkg.pr.new/@modelcontextprotocol/express@2490

@modelcontextprotocol/fastify

npm i https://pkg.pr.new/@modelcontextprotocol/fastify@2490

@modelcontextprotocol/hono

npm i https://pkg.pr.new/@modelcontextprotocol/hono@2490

@modelcontextprotocol/node

npm i https://pkg.pr.new/@modelcontextprotocol/node@2490

commit: 58451de

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[v2] Origin and Host validators accept userinfo before allowlisted hostnames

1 participant