Describe the bug
After a normal Streamable HTTP initialization flow, the transport accepts requests with an unsupported or malformed MCP-Protocol-Version header and dispatches them normally with HTTP 200. The MCP Streamable HTTP specification for 2025-11-25 requires servers to respond with HTTP 400 Bad Request for invalid or unsupported MCP-Protocol-Version values.
To Reproduce
- Start a Streamable HTTP server using the Ruby SDK.
- Complete a normal
initialize → notifications/initialized handshake.
- Send a valid JSON-RPC request, such as
ping or tools/list, with MCP-Protocol-Version set to 1900-01-01 (well-formed but unsupported) or not-a-version (malformed).
- Observe the response.
Expected behavior
The server should reject the request before dispatching it:
Logs
Unsupported version:
POST /mcp HTTP/1.1
MCP-Protocol-Version: 1900-01-01
Content-Type: application/json
{"jsonrpc":"2.0","method":"tools/list","id":1}
HTTP/1.1 200 OK
{"jsonrpc":"2.0","result":{"tools":[...]},"id":1}
Malformed version:
POST /mcp HTTP/1.1
MCP-Protocol-Version: not-a-version
Content-Type: application/json
{"jsonrpc":"2.0","method":"tools/list","id":1}
HTTP/1.1 200 OK
{"jsonrpc":"2.0","result":{...},"id":1}
Additional context
Describe the bug
After a normal Streamable HTTP initialization flow, the transport accepts requests with an unsupported or malformed
MCP-Protocol-Versionheader and dispatches them normally with HTTP 200. The MCP Streamable HTTP specification for2025-11-25requires servers to respond with HTTP400 Bad Requestfor invalid or unsupportedMCP-Protocol-Versionvalues.To Reproduce
initialize→notifications/initializedhandshake.pingortools/list, withMCP-Protocol-Versionset to1900-01-01(well-formed but unsupported) ornot-a-version(malformed).Expected behavior
The server should reject the request before dispatching it:
Logs
Unsupported version:
Malformed version:
Additional context
MCP-Protocol-Versionheaders is a separate concern.