Skip to content

Comments

Send and validate MCP-Protocol-Version header on Streamable HTTP transport#675

Draft
DaleSeo wants to merge 1 commit intomainfrom
fix-mcp-protocol-version-header
Draft

Send and validate MCP-Protocol-Version header on Streamable HTTP transport#675
DaleSeo wants to merge 1 commit intomainfrom
fix-mcp-protocol-version-header

Conversation

@DaleSeo
Copy link
Contributor

@DaleSeo DaleSeo commented Feb 20, 2026

Closes #587

Motivation and Context

2026-02-20 at 17 30 50

The MCP 2025-06-18 spec requires clients to send an MCP-Protocol-Version header containing the negotiated protocol version on every HTTP request after initialization. Servers must return 400 Bad Request if the header contains an unsupported value. Neither side currently handles this header, which is one of the blockers for 2025-06-18 compliance.

On the client side, the worker now extracts the negotiated version from the initialize response and injects it as an MCP-Protocol-Version header into every subsequent POST, GET, and DELETE request. On the server side, StreamableHttpService validates the header on all non-initialization requests and rejects unsupported values with a 400 response. Requests without the header are accepted for backwards compatibility with older clients, per the spec.

How Has This Been Tested?

Added integration tests to cover the changes, and all the existing tests are still passing.

Breaking Changes

The StreamableHttpClient trait now requires a custom_headers: HashMap<HeaderName, HeaderValue> parameter on get_stream and delete_session. This is a breaking change for anyone implementing the trait directly, but post_message already had this parameter so the update is straightforward. The public StreamableHttpClientTransport API is unchanged.

fn get_stream(
    &self,
    uri: Arc<str>,
    session_id: Arc<str>,
    last_event_id: Option<String>,
    auth_header: Option<String>,
    custom_headers: HashMap<HeaderName, HeaderValue>, // new
) -> ...;

fn delete_session(
    &self,
    uri: Arc<str>,
    session_id: Arc<str>,
    auth_header: Option<String>,
    custom_headers: HashMap<HeaderName, HeaderValue>, // new
) -> ...;

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

Additional context

@DaleSeo DaleSeo self-assigned this Feb 20, 2026
@github-actions github-actions bot added T-test Testing related changes T-core Core library changes T-transport Transport layer changes labels Feb 20, 2026
@DaleSeo DaleSeo force-pushed the fix-mcp-protocol-version-header branch from 34c64a3 to d997737 Compare February 20, 2026 22:41
@DaleSeo DaleSeo force-pushed the fix-mcp-protocol-version-header branch from d997737 to f0bc7f9 Compare February 20, 2026 22:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@DaleSeo DaleSeo

Labels

T-core Core library changes T-test Testing related changes T-transport Transport layer changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Negotiate Compatible MCP Protocols with MCP Clients

1 participant

@DaleSeo