fix(client): send same-origin Origin header from streamable HTTP client

Closes #2727

The streamable HTTP client opened its POST handshake without an Origin
header, so spec-compliant servers that enforce anti-DNS-rebinding / CSRF
protection (e.g. the Go SDK's http.CrossOriginProtection) reject the very
first request with 403 Forbidden, and the client then hangs on the read
stream.

_prepare_headers now derives a same-origin value (scheme://host[:port])
from the target URL and sends it as the Origin header. URLs without a
scheme or host add no header. Callers needing a different Origin can set
one on the underlying httpx client's default headers.

Author: Bartok9

src/mcp/client/streamable_http.py

@@ -7,6 +7,7 @@
 from collections.abc import AsyncGenerator, Awaitable, Callable
 from contextlib import asynccontextmanager
 from dataclasses import dataclass
+from urllib.parse import urlsplit
 
 import anyio
 import httpx
@@ -86,6 +87,19 @@ def __init__(self, url: str) -> None:
         # response/error/cancel POSTs that bypass the session's stamp). Cleared when an
         # `initialize` POST goes out so a probe-stamped value cannot leak onto the handshake.
         self._protocol_version_header: str | None = None
+        self._default_origin = self._derive_origin(url)
+
+    @staticmethod
+    def _derive_origin(url: str) -> str | None:
+        """Derive a same-origin ``Origin`` value (scheme://host[:port]) from a URL.
+
+        Returns ``None`` when the URL has no scheme or host, in which case no
+        ``Origin`` header is added.
+        """
+        parsed = urlsplit(url)
+        if not parsed.scheme or not parsed.netloc:
+            return None
+        return f"{parsed.scheme}://{parsed.netloc}"
 
     def _prepare_headers(self) -> dict[str, str]:
         """Build MCP-specific request headers for any outbound HTTP request.
@@ -101,6 +115,13 @@ def _prepare_headers(self) -> dict[str, str]:
             "accept": "application/json, text/event-stream",
             "content-type": "application/json",
         }
+        # Send a same-origin Origin header by default so spec-compliant servers
+        # that enforce anti-DNS-rebinding / CSRF protection (e.g. the Go SDK's
+        # http.CrossOriginProtection) accept the handshake instead of returning
+        # 403. Callers needing a different Origin can set one on the underlying
+        # httpx client's default headers.
+        if self._default_origin is not None:
+            headers["origin"] = self._default_origin
         if self.session_id:
             headers[MCP_SESSION_ID] = self.session_id
         if self._protocol_version_header:

tests/shared/test_streamable_http.py

@@ -1608,6 +1608,26 @@ async def bad_client():
         assert tools.tools
 
 
+def test_prepare_headers_includes_same_origin():
+    """Default Origin header is derived from the target URL (scheme://host[:port]).
+
+    Regression test for #2727: spec-compliant servers enforcing
+    anti-DNS-rebinding / CSRF protection reject requests with no Origin.
+    """
+    transport = StreamableHTTPTransport(url="http://my-go-server:8081/mcp")
+    headers = transport._prepare_headers()
+    assert headers["origin"] == "http://my-go-server:8081"
+
+    https_transport = StreamableHTTPTransport(url="https://example.com/mcp/path?x=1")
+    assert https_transport._prepare_headers()["origin"] == "https://example.com"
+
+
+def test_prepare_headers_omits_origin_for_invalid_url():
+    """No Origin header is added when the URL lacks a scheme or host."""
+    transport = StreamableHTTPTransport(url="not-a-url")
+    assert "origin" not in transport._prepare_headers()
+
+
 @pytest.mark.anyio
 async def test_handle_sse_event_skips_empty_data() -> None:
     """_handle_sse_event skips empty SSE data (keep-alive pings) without writing to the stream."""