Modify Origin header validation in validateRequestHeaders (streamableHttp.ts and sse.ts) to allow requests without an Origin, as they are not relevant to server DNS rebinding protection. #720
Annotations
1 notice
pkg-publish
{
"workflowData": {
"owner": "modelcontextprotocol",
"repo": "typescript-sdk",
"sha": "2b77c8539f264eaec564cecdc52259c371b7b776",
"ref": "1205"
},
"key": "TEltFZiQOQ",
"runId": 19832865129,
"webhookDebug": {
"action": "requested",
"head_branch": "improve-header-validation-for-dns-rebinding-protection",
"head_repository_full_name": "jacopoc/typescript-sdk",
"full_name": "modelcontextprotocol/typescript-sdk",
"isPullRequest": true,
"prNumber": 1205,
"prNumberType": "number",
"isNewPullRequest": true,
"isOldPullRequest": false,
"prKey": "jacopoc/typescript-sdk:improve-header-validation-for-dns-rebinding-protection",
"oldPrDataHash": "AdwiOLmahg",
"lookupKey": "jacopoc/typescript-sdk:improve-header-validation-for-dns-rebinding-protection",
"data": {
"owner": "modelcontextprotocol",
"repo": "typescript-sdk",
"sha": "2b77c8539f264eaec564cecdc52259c371b7b776",
"ref": "1205"
}
}
}