René's URL Explorer Experiment


Title: streamable_http client does not send `Origin` header → rejected with 403 by spec-compliant servers (e.g. go-sdk `CrossOriginProtection`) · Issue #2727 · modelcontextprotocol/python-sdk · GitHub

Open Graph Title: streamable_http client does not send `Origin` header → rejected with 403 by spec-compliant servers (e.g. go-sdk `CrossOriginProtection`) · Issue #2727 · modelcontextprotocol/python-sdk

X Title: streamable_http client does not send `Origin` header → rejected with 403 by spec-compliant servers (e.g. go-sdk `CrossOriginProtection`) · Issue #2727 · modelcontextprotocol/python-sdk

Description: Summary The Python SDK's streamable_http_client opens its POST handshake without an Origin header (and without Sec-Fetch-Site). The official Go SDK (modelcontextprotocol/go-sdk v1.4.x) wraps every streamable-HTTP handler with Go 1.25's s...

Open Graph Description: Summary The Python SDK's streamable_http_client opens its POST handshake without an Origin header (and without Sec-Fetch-Site). The official Go SDK (modelcontextprotocol/go-sdk v1.4.x) wraps every ...

X Description: Summary The Python SDK's streamable_http_client opens its POST handshake without an Origin header (and without Sec-Fetch-Site). The official Go SDK (modelcontextprotocol/go-sdk v1.4.x) wraps ev...

Opengraph URL: https://github.com/modelcontextprotocol/python-sdk/issues/2727

X: @github

direct link

Domain: github.com


Hey, it has json ld scripts:
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"streamable_http client does not send `Origin` header → rejected with 403 by spec-compliant servers (e.g. go-sdk `CrossOriginProtection`)","articleBody":"## Summary\n\nThe Python SDK's `streamable_http_client` opens its POST handshake without an `Origin` header (and without `Sec-Fetch-Site`). The official Go SDK (`modelcontextprotocol/go-sdk` v1.4.x) wraps every streamable-HTTP handler with Go 1.25's stdlib `http.CrossOriginProtection`, which enforces the spec's anti-DNS-rebinding rule and **denies any state-changing request that cannot prove same-origin** via one of:\n\n- `Sec-Fetch-Site: same-origin | same-site | none` (browser-only), or\n- An `Origin` header whose host matches the server's `Host`, or\n- An origin explicitly listed via `CrossOriginProtection.AddTrustedOrigin`.\n\nSince the Python client sends none of those, a perfectly legitimate server-to-server connection from the official Python client to the official Go server is indistinguishable from a CSRF attempt → **HTTP 403 Forbidden** on the very first POST.\n\nSo the two reference SDKs from the same org are out of sync by one spec revision: the Go server enforces the new rule; the Python client doesn't yet send the headers that satisfy it.\n\n## Reproduction\n\n**Server** — a Go MCP server built with `modelcontextprotocol/go-sdk@v1.4.1` and the standard handler:\n\n```go\nhandler := mcp.NewStreamableHTTPHandler(\n    func(_ *http.Request) *mcp.Server { return srv },\n    nil, // default CrossOriginProtection: deny non-same-origin\n)\nhttp.Handle(\"/mcp\", handler)\n```\n\n**Client** — Python `mcp` SDK:\n\n```python\nfrom mcp.client.streamable_http import streamablehttp_client\nfrom mcp.client.session import ClientSession\n\nasync with streamablehttp_client(\"http://my-go-server:8081/mcp\") as (read, write, _):\n    async with ClientSession(read, write) as session:\n        await session.initialize()   # never completes\n```\n\n**Observed:**\n\n1. `httpx` POSTs to `/mcp` with no `Origin` header, no `Sec-Fetch-*` headers.\n2. Go server returns `HTTP/1.1 403 Forbidden` immediately.\n3. Python client `post_writer` swallows the non-2xx (see #2110), and `session.initialize()` hangs forever on the read stream.\n4. Eventually the caller (e.g. a FastAPI startup hook with a `wait_for` timeout) cancels, which surfaces as `RuntimeError: Attempted to exit cancel scope in a different task than it was entered in` because the `streamable_http_client` task group was entered in one task and is being torn down in another.\n\n**Expected:** the Python client should send an `Origin` header derived from the target URL by default, so a spec-compliant server accepts the handshake.\n\n## Workarounds (today)\n\n- **Server side, Go**: pass `\u0026mcp.StreamableHTTPHandlerOptions{CrossOriginProtection: cop}` with `cop.AddTrustedOrigin(...)`, or set `GODEBUG=disablecrossoriginprotection=1`. Both require code/env changes on every server deployment.\n- **Client side, Python**: monkey-patch the httpx client to inject `Origin`. Brittle; depends on internals of `streamable_http`.\n\nNeither is satisfactory if both reference SDKs are supposed to interoperate out of the box.\n\n## Suggested fix\n\nIn `mcp.client.streamable_http`, when opening the `httpx.AsyncClient`, derive a default `Origin` header from the target URL's scheme + netloc and add it to every outgoing request:\n\n```python\nparsed = urlparse(self.url)\ndefault_origin = f\"{parsed.scheme}://{parsed.netloc}\"\nheaders.setdefault(\"Origin\", default_origin)\n```\n\nThis makes the Python client's traffic indistinguishable from a same-origin browser request as far as `CrossOriginProtection.Check` is concerned, without weakening any server's CSRF posture. Callers who *want* a different `Origin` (e.g. multi-tenant proxies) can still override via the existing custom-headers path.\n\nOptionally, also set `Sec-Fetch-Site: same-origin` so the Go middleware short-circuits on the cheaper check.\n\n## Related\n\n- #2110 — explains why the resulting 403 manifests as a client hang instead of a clean exception.\n- #1798 / #861 — the Python *server* added equivalent DNS-rebinding protection; the *client* never picked up the matching header behavior.\n\n## Environment\n\n- `mcp` (Python SDK): latest installed via `mcp \u003e= 1.x` (tested under Locus's `locus.integrations.fastmcp.MCPClient` wrapper, which is a thin pass-through to `streamablehttp_client`).\n- `modelcontextprotocol/go-sdk@v1.4.1` (server).\n- Go 1.25 (stdlib `http.CrossOriginProtection`).\n- Python 3.13, anyio 4.x.","author":{"url":"https://github.com/fede-kamel","@type":"Person","name":"fede-kamel"},"datePublished":"2026-05-30T02:44:31.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":3},"url":"https://github.com/2727/python-sdk/issues/2727"}

route-pattern/_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format)
route-controllervoltron_issues_fragments
route-actionissue_layout
fetch-noncev2:94012779-bced-6dbc-643e-e9e74cefbfe5
current-catalog-service-hash81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114
request-idBFEE:A4CAA:18F88C1:23BB59B:6A5A39E4
html-safe-nonce79c801643db1c0d3d98255db62b4e520ef8a890ded387e75b12f972f7fec7d09
visitor-payloadeyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJCRkVFOkE0Q0FBOjE4Rjg4QzE6MjNCQjU5Qjo2QTVBMzlFNCIsInZpc2l0b3JfaWQiOiI0OTMzMzQzODM0NzcwMzg5NDc3IiwicmVnaW9uX2VkZ2UiOiJpYWQiLCJyZWdpb25fcmVuZGVyIjoiaWFkIn0=
visitor-hmace6635108f5dd5b3cede31f68f3f386cca2fdd85544abeeea7a6e8aa195a138d4
hovercard-subject-tagissue:4552936463
github-keyboard-shortcutsrepository,issues,copilot
google-site-verificationApib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-urlhttps://collector.github.com/github/collect
analytics-location///voltron/issues_fragments/issue_layout
fb:app_id1401488693436528
apple-itunes-appapp-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/modelcontextprotocol/python-sdk/2727/issue_layout
twitter:imagehttps://opengraph.githubassets.com/36ef8e4f5eabedfb8a739d0790717e36a37423e12c7ac77fd6d88a3b0ecb053b/modelcontextprotocol/python-sdk/issues/2727
twitter:cardsummary_large_image
og:imagehttps://opengraph.githubassets.com/36ef8e4f5eabedfb8a739d0790717e36a37423e12c7ac77fd6d88a3b0ecb053b/modelcontextprotocol/python-sdk/issues/2727
og:image:altSummary The Python SDK's streamable_http_client opens its POST handshake without an Origin header (and without Sec-Fetch-Site). The official Go SDK (modelcontextprotocol/go-sdk v1.4.x) wraps every ...
og:image:width1200
og:image:height600
og:site_nameGitHub
og:typeobject
og:author:usernamefede-kamel
hostnamegithub.com
expected-hostnamegithub.com
None19c67ad7579d2401ff06e88a32ef45460fbb40fab3191c7f7582d5e166f326fc
turbo-cache-controlno-preview
go-importgithub.com/modelcontextprotocol/python-sdk git https://github.com/modelcontextprotocol/python-sdk.git
octolytics-dimension-user_id182288589
octolytics-dimension-user_loginmodelcontextprotocol
octolytics-dimension-repository_id862584018
octolytics-dimension-repository_nwomodelcontextprotocol/python-sdk
octolytics-dimension-repository_publictrue
octolytics-dimension-repository_is_forkfalse
octolytics-dimension-repository_network_root_id862584018
octolytics-dimension-repository_network_root_nwomodelcontextprotocol/python-sdk
turbo-body-classeslogged-out env-production page-responsive
disable-turbofalse
browser-stats-urlhttps://api.github.com/_private/browser/stats
browser-errors-urlhttps://api.github.com/_private/browser/errors
releasee618485bff22dab2ef1ffb4e34e4e6626688df69
ui-targetfull
theme-color#1e2327
color-schemelight dark

Links:

Skip to contenthttps://github.com/modelcontextprotocol/python-sdk/issues/2727#start-of-content
https://github.com/
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fmodelcontextprotocol%2Fpython-sdk%2Fissues%2F2727
GitHub CopilotWrite better code with AIhttps://github.com/features/copilot
GitHub Copilot appDirect agents from issue to mergehttps://github.com/features/ai/github-app
MCP RegistryNewIntegrate external toolshttps://github.com/mcp
ActionsAutomate any workflowhttps://github.com/features/actions
CodespacesInstant dev environmentshttps://github.com/features/codespaces
IssuesPlan and track workhttps://github.com/features/issues
Code ReviewManage code changeshttps://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilitieshttps://github.com/security/advanced-security
Code securitySecure your code as you buildhttps://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they starthttps://github.com/security/advanced-security/secret-protection
Why GitHubhttps://github.com/why-github
Documentationhttps://docs.github.com
Bloghttps://github.blog
Changeloghttps://github.blog/changelog
Marketplacehttps://github.com/marketplace
View all featureshttps://github.com/features
Enterpriseshttps://github.com/enterprise
Small and medium teamshttps://github.com/team
Startupshttps://github.com/enterprise/startups
Nonprofitshttps://github.com/solutions/industry/nonprofits
App Modernizationhttps://github.com/solutions/use-case/app-modernization
DevSecOpshttps://github.com/solutions/use-case/devsecops
DevOpshttps://github.com/solutions/use-case/devops
CI/CDhttps://github.com/solutions/use-case/ci-cd
View all use caseshttps://github.com/solutions/use-case
Healthcarehttps://github.com/solutions/industry/healthcare
Financial serviceshttps://github.com/solutions/industry/financial-services
Manufacturinghttps://github.com/solutions/industry/manufacturing
Governmenthttps://github.com/solutions/industry/government
View all industrieshttps://github.com/solutions/industry
View all solutionshttps://github.com/solutions
AIhttps://github.com/resources/articles?topic=ai
Software Developmenthttps://github.com/resources/articles?topic=software-development
DevOpshttps://github.com/resources/articles?topic=devops
Securityhttps://github.com/resources/articles?topic=security
View all topicshttps://github.com/resources/articles
Customer storieshttps://github.com/customer-stories
Events & webinarshttps://github.com/resources/events
Ebooks & reportshttps://github.com/resources/whitepapers
Business insightshttps://github.com/solutions/executive-insights
GitHub Skillshttps://skills.github.com
Documentationhttps://docs.github.com
Customer supporthttps://support.github.com
Community forumhttps://github.com/orgs/community/discussions
Trust centerhttps://github.com/trust-center
Partnershttps://github.com/partners
View all resourceshttps://github.com/resources
GitHub SponsorsFund open source developershttps://github.com/open-source/sponsors
Security Labhttps://securitylab.github.com
Maintainer Communityhttps://maintainers.github.com
Acceleratorhttps://github.com/open-source/accelerator
GitHub Starshttps://stars.github.com
Archive Programhttps://archiveprogram.github.com
Topicshttps://github.com/topics
Trendinghttps://github.com/trending
Collectionshttps://github.com/collections
Enterprise platformAI-powered developer platformhttps://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security featureshttps://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI featureshttps://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 supporthttps://github.com/enterprise/premium-support
Pricinghttps://github.com/pricing
Search syntax tipshttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentationhttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fmodelcontextprotocol%2Fpython-sdk%2Fissues%2F2727
Sign up https://github.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E%2Fvoltron%2Fissues_fragments%2Fissue_layout&source=header-repo&source_repo=modelcontextprotocol%2Fpython-sdk
Reloadhttps://github.com/modelcontextprotocol/python-sdk/issues/2727
Reloadhttps://github.com/modelcontextprotocol/python-sdk/issues/2727
Reloadhttps://github.com/modelcontextprotocol/python-sdk/issues/2727
Please reload this pagehttps://github.com/modelcontextprotocol/python-sdk/issues/2727
modelcontextprotocol https://github.com/modelcontextprotocol
python-sdkhttps://github.com/modelcontextprotocol/python-sdk
Notifications https://github.com/login?return_to=%2Fmodelcontextprotocol%2Fpython-sdk
Fork 3.7k https://github.com/login?return_to=%2Fmodelcontextprotocol%2Fpython-sdk
Star 23.6k https://github.com/login?return_to=%2Fmodelcontextprotocol%2Fpython-sdk
Code https://github.com/modelcontextprotocol/python-sdk
Issues 255 https://github.com/modelcontextprotocol/python-sdk/issues
Pull requests 303 https://github.com/modelcontextprotocol/python-sdk/pulls
Actions https://github.com/modelcontextprotocol/python-sdk/actions
Projects https://github.com/modelcontextprotocol/python-sdk/projects
Models https://github.com/modelcontextprotocol/python-sdk/models
Security and quality 6 https://github.com/modelcontextprotocol/python-sdk/security
Insights https://github.com/modelcontextprotocol/python-sdk/pulse
Code https://github.com/modelcontextprotocol/python-sdk
Issues https://github.com/modelcontextprotocol/python-sdk/issues
Pull requests https://github.com/modelcontextprotocol/python-sdk/pulls
Actions https://github.com/modelcontextprotocol/python-sdk/actions
Projects https://github.com/modelcontextprotocol/python-sdk/projects
Models https://github.com/modelcontextprotocol/python-sdk/models
Security and quality https://github.com/modelcontextprotocol/python-sdk/security
Insights https://github.com/modelcontextprotocol/python-sdk/pulse
#2729https://github.com/modelcontextprotocol/python-sdk/pull/2729
streamable_http client does not send Origin header → rejected with 403 by spec-compliant servers (e.g. go-sdk CrossOriginProtection)https://github.com/modelcontextprotocol/python-sdk/issues/2727#top
#2729https://github.com/modelcontextprotocol/python-sdk/pull/2729
P3Nice to haves, rare edge caseshttps://github.com/modelcontextprotocol/python-sdk/issues?q=state%3Aopen%20label%3A%22P3%22
enhancementRequest for a new feature that's not currently supportedhttps://github.com/modelcontextprotocol/python-sdk/issues?q=state%3Aopen%20label%3A%22enhancement%22
needs decisionIssue is actionable, needs maintainer decision on whether to implementhttps://github.com/modelcontextprotocol/python-sdk/issues?q=state%3Aopen%20label%3A%22needs%20decision%22
https://github.com/fede-kamel
fede-kamelhttps://github.com/fede-kamel
on May 30, 2026https://github.com/modelcontextprotocol/python-sdk/issues/2727#issue-4552936463
HTTP transport swallows non-2xx status codes causing client to hang #2110https://github.com/modelcontextprotocol/python-sdk/issues/2110
HTTP transport swallows non-2xx status codes causing client to hang #2110https://github.com/modelcontextprotocol/python-sdk/issues/2110
Guide: Resolving "421 Invalid Host Header" (DNS Rebinding Protection) #1798https://github.com/modelcontextprotocol/python-sdk/issues/1798
Add support for DNS rebinding protections #861https://github.com/modelcontextprotocol/python-sdk/pull/861
P3Nice to haves, rare edge caseshttps://github.com/modelcontextprotocol/python-sdk/issues?q=state%3Aopen%20label%3A%22P3%22
enhancementRequest for a new feature that's not currently supportedhttps://github.com/modelcontextprotocol/python-sdk/issues?q=state%3Aopen%20label%3A%22enhancement%22
needs decisionIssue is actionable, needs maintainer decision on whether to implementhttps://github.com/modelcontextprotocol/python-sdk/issues?q=state%3Aopen%20label%3A%22needs%20decision%22
https://github.com
Termshttps://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacyhttps://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Securityhttps://github.com/security
Statushttps://www.githubstatus.com/
Communityhttps://github.community/
Docshttps://docs.github.com/
Contacthttps://support.github.com?tags=dotcom-footer

Viewport: width=device-width


URLs of crawlers that visited me.