Skip to content

Validate transport.config.url before fetch in remote MCP client (don't echo the value) #231

Description

@germanescobar

Summary

withHttpSession in server/lib/mcp-client.ts (added in #229 / #230) passes connection.transport.config.url straight to fetch. When that value isn't a valid URL, the native fetch error is surfaced as:

Failed to reach MCP server: Failed to parse URL from <value>

This is confusing, and — critically — it echoes the offending value back to the user. In practice this bit us: a token pasted into the URL field produced Failed to parse URL from cfut_…, leaking the credential into both the terminal output and (separately) the plaintext integrations.json config.

Proposed change

In withHttpSession, validate config.url up front, before any network call:

  • Reject anything that isn't a syntactically valid http(s) URL, mirroring executeRequest's safeOrigin helper in integration-execute.ts.
  • Fail with a clear, generic message that does not echo the input value, e.g. This MCP connection's URL is not a valid http(s) URL.

Why

  • Clear error for the common misconfiguration (wrong field, typo).
  • Avoids echoing a value that may be a secret into logs/terminal.
  • Consistent with how the REST/OpenAPI executor already guards its base URL.

Acceptance criteria

  • A connection whose transport.config.url is not a valid http(s) URL fails fast with a clear message that does not include the value.
  • Valid http/https URLs continue to work unchanged.
  • Unit test covering the invalid-URL case (asserting the value is not present in the error).

Context

Follow-up to #229 (PR #230). Surfaced while registering the Cloudflare Code Mode integration.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions