Description:
Currently, when accessing the MCP Streamable HTTP server at https://host:port/mcp without providing a session ID, the server responds with the full exception stack trace and detailed error information.
Issue:
Returning the complete stack trace in the response is not user-friendly and may expose internal details unnecessarily.
https://github.com/modelcontextprotocol/java-sdk/blob/7f16cd0b9dc72f5adc3358a903bebb0f909dda3e/mcp-core/src/main/java/io/modelcontextprotocol/server/transport/HttpServletStreamableServerTransportProvider.java#L264C4-L264C100
Suggestion:
Instead of returning the full error, return a simple, clear message indicating there is an issue with the request headers or the session ID.
Stack trace:
{
  "cause": null,
  "stackTrace": [
    {
      "moduleName": null,
      "moduleVersion": null,
      "classLoaderName": null,
      "methodName": "doGet",
      "fileName": "HttpServletStreamableServerTransportProvider.java",
      "lineNumber": 268,
      "className": "com.ibm.modelcontextprotocol.server.transport.HttpServletStreamableServerTransportProvider",
      "nativeMethod": false
    },
    {
      "moduleName": null,
      "moduleVersion": null,
      "classLoaderName": null,
      "methodName": "service",
      "fileName": "HttpServlet.java",
      "lineNumber": 527,
      "className": "jakarta.servlet.http.HttpServlet",
      "nativeMethod": false
    },
    {
      "moduleName": null,
      "moduleVersion": null,
      "classLoaderName": null,
      "methodName": "service",
      "fileName": "HttpServlet.java",
      "lineNumber": 614,
      "className": "jakarta.servlet.http.HttpServlet",
      "nativeMethod": false
    }
  ],
  "jsonRpcError": null,
  "message": "text/event-stream required in Accept header; Session ID required in mcp-session-id header",
  "localizedMessage": "text/event-stream required in Accept header; Session ID required in mcp-session-id header",
  "suppressed": []
}
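One way to implement the suggestion above, as an added example that is not code from this issue or from the MCP Java SDK: validate the two headers, log the exception with its stack trace on the server, and send the client only the message plus a correlation ID. The class `SafeErrorReply`, its methods, the lower-cased header map, the `errorId` field and the 400 status are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

// Added example: hypothetical class, not part of the MCP Java SDK.
public class SafeErrorReply {
    private static final Logger LOG = Logger.getLogger("mcp.transport");

    /** HTTP status plus the only body the client gets to see. */
    record Reply(int status, String body) {}

    /** Checks the two GET preconditions named in the error message on this page. */
    static List<String> validate(Map<String, String> headers) { // keys assumed lower-cased
        List<String> problems = new ArrayList<>();
        if (!headers.getOrDefault("accept", "").contains("text/event-stream")) {
            problems.add("text/event-stream required in Accept header");
        }
        String sessionId = headers.get("mcp-session-id");
        if (sessionId == null || sessionId.isBlank()) {
            problems.add("Session ID required in mcp-session-id header");
        }
        return problems;
    }

    /** Logs the exception with its stack trace; returns only message and a correlation id. */
    static Reply toReply(Exception e) {
        String errorId = UUID.randomUUID().toString();
        LOG.log(Level.WARNING, "request rejected, errorId=" + errorId, e);
        String body = "{\"error\":\"" + escape(e.getMessage()) + "\",\"errorId\":\"" + errorId + "\"}";
        return new Reply(400, body); // 400 is an assumption; the page does not state the status
    }

    /** Minimal JSON string escaping for the message text. */
    static String escape(String s) {
        return s.replace("\\", "\\\\").replace("\"", "\\\"");
    }

    public static void main(String[] args) {
        // Constructed request: wrong Accept header and no session ID.
        List<String> problems = validate(Map.of("accept", "application/json"));
        if (!problems.isEmpty()) {
            Reply r = toReply(new IllegalArgumentException(String.join("; ", problems)));
            System.out.println(r.status() + " " + r.body());
        }
    }
}
```

The `errorId` in the response lets an operator find the full stack trace in the server log without the class names and line numbers ever leaving the server.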