Skip to content

Commit bdd71aa

Browse files
EdouardCourtyEdouardCourty
committed
chore(http): create constant for session id header
1 parent 02e8637 commit bdd71aa

File tree

2 files changed

+19
-8
lines changed

2 files changed

+19
-8
lines changed

src/Server/Transport/StreamableHttpTransport.php

Lines changed: 17 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,17 @@
3030
*/
3131
class StreamableHttpTransport extends BaseTransport
3232
{
33+
private const SESSION_HEADER = 'Mcp-Session-Id';
34+
35+
private const ALLOWED_HEADER = [
36+
'Accept',
37+
'Authorization',
38+
'Content-Type',
39+
'Last-Event-ID',
40+
'Mcp-Protocol-Version',
41+
self::SESSION_HEADER,
42+
];
43+
3344
private ResponseFactoryInterface $responseFactory;
3445
private StreamFactoryInterface $streamFactory;
3546

@@ -62,8 +73,8 @@ public function __construct(
6273
$this->corsHeaders = array_merge([
6374
'Access-Control-Allow-Origin' => '*',
6475
'Access-Control-Allow-Methods' => 'GET, POST, DELETE, OPTIONS',
65-
'Access-Control-Allow-Headers' => 'Content-Type, Mcp-Session-Id, Mcp-Protocol-Version, Last-Event-ID, Authorization, Accept',
66-
'Access-Control-Expose-Headers' => 'Mcp-Session-Id',
76+
'Access-Control-Allow-Headers' => implode(',', self::ALLOWED_HEADER),
77+
'Access-Control-Expose-Headers' => self::SESSION_HEADER,
6778
], $corsHeaders);
6879

6980
foreach ($middleware as $m) {
@@ -120,7 +131,7 @@ protected function handlePostRequest(): ResponseInterface
120131
protected function handleDeleteRequest(): ResponseInterface
121132
{
122133
if (!$this->sessionId) {
123-
return $this->createErrorResponse(Error::forInvalidRequest('Mcp-Session-Id header is required.'), 400);
134+
return $this->createErrorResponse(Error::forInvalidRequest(self::SESSION_HEADER.' header is required.'), 400);
124135
}
125136

126137
$this->handleSessionEnd($this->sessionId);
@@ -144,7 +155,7 @@ protected function createJsonResponse(): ResponseInterface
144155
->withBody($this->streamFactory->createStream($responseBody));
145156

146157
if ($this->sessionId) {
147-
$response = $response->withHeader('Mcp-Session-Id', $this->sessionId->toRfc4122());
158+
$response = $response->withHeader(self::SESSION_HEADER, $this->sessionId->toRfc4122());
148159
}
149160

150161
return $response;
@@ -211,7 +222,7 @@ protected function createStreamedResponse(): ResponseInterface
211222
->withBody($stream);
212223

213224
if ($this->sessionId) {
214-
$response = $response->withHeader('Mcp-Session-Id', $this->sessionId->toRfc4122());
225+
$response = $response->withHeader(self::SESSION_HEADER, $this->sessionId->toRfc4122());
215226
}
216227

217228
return $response;
@@ -276,7 +287,7 @@ protected function withCorsHeaders(ResponseInterface $response): ResponseInterfa
276287
private function handleRequest(ServerRequestInterface $request): ResponseInterface
277288
{
278289
$this->request = $request;
279-
$sessionIdString = $request->getHeaderLine('Mcp-Session-Id');
290+
$sessionIdString = $request->getHeaderLine(self::SESSION_HEADER);
280291
$this->sessionId = $sessionIdString ? Uuid::fromString($sessionIdString) : null;
281292

282293
return match ($request->getMethod()) {

tests/Unit/Server/Transport/StreamableHttpTransportTest.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -80,7 +80,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
8080
$this->assertSame('*', $response->getHeaderLine('Access-Control-Allow-Origin'));
8181
$this->assertSame('GET, POST, DELETE, OPTIONS', $response->getHeaderLine('Access-Control-Allow-Methods'));
8282
$this->assertSame(
83-
'Content-Type, Mcp-Session-Id, Mcp-Protocol-Version, Last-Event-ID, Authorization, Accept',
83+
'Accept,Authorization,Content-Type,Last-Event-ID,Mcp-Protocol-Version,Mcp-Session-Id',
8484
$response->getHeaderLine('Access-Control-Allow-Headers')
8585
);
8686
$this->assertSame('Mcp-Session-Id', $response->getHeaderLine('Access-Control-Expose-Headers'));
@@ -120,7 +120,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
120120
$this->assertSame('https://another.com', $response->getHeaderLine('Access-Control-Allow-Origin'));
121121
$this->assertSame('GET, POST, DELETE, OPTIONS', $response->getHeaderLine('Access-Control-Allow-Methods'));
122122
$this->assertSame(
123-
'Content-Type, Mcp-Session-Id, Mcp-Protocol-Version, Last-Event-ID, Authorization, Accept',
123+
'Accept,Authorization,Content-Type,Last-Event-ID,Mcp-Protocol-Version,Mcp-Session-Id',
124124
$response->getHeaderLine('Access-Control-Allow-Headers')
125125
);
126126
$this->assertSame('Mcp-Session-Id', $response->getHeaderLine('Access-Control-Expose-Headers'));

0 commit comments

Comments
 (0)