Description
Bug description
The Parsing middleware does not work correctly when the path does not contain /messages, /message, or /mcp (see here).
The problem is that the MCP spec allows for other endpoints to be used, as long as
- it's a single one for Streamable HTTP transport
- they're two distinct ones for SSE transport
In such cases, the parser skips parsing and forwards the request as is, which causes failures downstream (i.e. in the Authorization middleware).
Steps to reproduce
I could only verify it using dlv and curl. See here for some example steps, but bear in mind that, when using SSE transport, the StacklokLabs/gofetch MCP server relies on a single endpoint, namely /sse, for both SSE stream and messages, which is not conformant to the MCP spec.
Expected behavior
Parsing succeeds for any valid JSON.
Parsing succeeds regardless of the HTTP path.
Additional context
I ran into this issue using gofetch to test the implementation of tool filtering. Worth noting that this parsing mechanism works only on Content-Type: application/json and is not usable to parse JSON-RPC payloads generally as in the case of SSE response streams.
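
An added Go example (not the project's code) of the gating this report describes: pathGated models parsing only on the three listed paths, while contentGated decides from the HTTP method and Content-Type, so a JSON-RPC POST to /sse is parsed before any authorization step sees it. All function names, the 1 MiB body cap and the sample request are assumptions made for the example.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"mime"
	"net/http"
	"strings"
)

type rpcMessage struct{ Method string `json:"method"` } // field an authorization step reads
const sample = `{"jsonrpc":"2.0","id":1,"method":"tools/call"}` // constructed request body

// pathGated models the reported behaviour ("/message" also matches "/messages").
func pathGated(r *http.Request) bool {
	return strings.Contains(r.URL.Path, "/message") || strings.Contains(r.URL.Path, "/mcp")
}
// contentGated ignores the path: any POST with media type application/json is parsed.
func contentGated(r *http.Request) bool {
	mt, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
	return err == nil && r.Method == http.MethodPost && mt == "application/json"
}

// parseIf returns (nil, nil) when gate skips r; otherwise it parses a size-capped body.
func parseIf(gate func(*http.Request) bool, r *http.Request) (*rpcMessage, error) {
	if !gate(r) {
		return nil, nil
	}
	raw, err := io.ReadAll(http.MaxBytesReader(nil, r.Body, 1<<20))
	if err != nil {
		return nil, err
	}
	r.Body = io.NopCloser(bytes.NewReader(raw)) // restore the body for the next handler
	m := new(rpcMessage)
	return m, json.Unmarshal(raw, m)
}

func postSample(gate func(*http.Request) bool, path, body string) (*rpcMessage, error) {
	r, _ := http.NewRequest(http.MethodPost, "http://localhost"+path, strings.NewReader(body))
	r.Header.Set("Content-Type", "application/json; charset=utf-8")
	return parseIf(gate, r)
}

func main() {
	a, _ := postSample(pathGated, "/sse", sample)
	b, _ := postSample(contentGated, "/sse", sample)
	fmt.Println("/sse path-gated parsed:", a != nil, "content-gated parsed:", b != nil)
}
```

With the path gate, the request to /sse reaches the next handler unparsed, which is the downstream failure the report describes; malformed JSON under the content gate surfaces as an error instead of being forwarded silently.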