Delete legacy transport's protocol-version validation (now owned by manager era-routing)

The manager only routes header values in SUPPORTED_PROTOCOL_VERSIONS (or no
header) to the legacy transport, so _validate_protocol_version's error branch
was unreachable. Deleted the function; _validate_request_headers now just
delegates to _validate_session.

Updated the one shared/ test that exercised the dead branch to assert the new
modern-entry rejection instead.

Author: maxisbey

src/mcp/server/streamable_http.py

@@ -28,7 +28,7 @@
 from mcp.shared._context_streams import ContextReceiveStream, ContextSendStream, create_context_streams
 from mcp.shared._stream_protocols import ReadStream, WriteStream
 from mcp.shared.message import ServerMessageMetadata, SessionMessage
-from mcp.shared.version import SUPPORTED_PROTOCOL_VERSIONS, is_version_at_least
+from mcp.shared.version import is_version_at_least
 from mcp.types import (
     DEFAULT_NEGOTIATED_VERSION,
     INTERNAL_ERROR,
@@ -814,11 +814,10 @@ async def _handle_unsupported_request(self, request: Request, send: Send) -> Non
         await response(request.scope, request.receive, send)
 
     async def _validate_request_headers(self, request: Request, send: Send) -> bool:
-        if not await self._validate_session(request, send):
-            return False
-        if not await self._validate_protocol_version(request, send):
-            return False
-        return True
+        # Protocol-version validation lives in the manager's era-routing: only
+        # values in `SUPPORTED_PROTOCOL_VERSIONS` (or no header at all) reach
+        # this transport, so the legacy version-gate is gone.
+        return await self._validate_session(request, send)
 
     async def _validate_session(self, request: Request, send: Send) -> bool:
         """Validate the session ID in the request."""
@@ -849,28 +848,6 @@ async def _validate_session(self, request: Request, send: Send) -> bool:
 
         return True
 
-    async def _validate_protocol_version(self, request: Request, send: Send) -> bool:
-        """Validate the protocol version header in the request."""
-        # Get the protocol version from the request headers
-        protocol_version = request.headers.get(MCP_PROTOCOL_VERSION_HEADER)
-
-        # If no protocol version provided, assume default version
-        if protocol_version is None:
-            protocol_version = DEFAULT_NEGOTIATED_VERSION
-
-        # Check if the protocol version is supported
-        if protocol_version not in SUPPORTED_PROTOCOL_VERSIONS:
-            supported_versions = ", ".join(SUPPORTED_PROTOCOL_VERSIONS)
-            response = self._create_error_response(
-                f"Bad Request: Unsupported protocol version: {protocol_version}. "
-                + f"Supported versions: {supported_versions}",
-                HTTPStatus.BAD_REQUEST,
-            )
-            await response(request.scope, request.receive, send)
-            return False
-
-        return True
-
     async def _replay_events(self, last_event_id: str, request: Request, send: Send) -> None:
         """Replays events that would have been sent after the specified event ID.
 
@@ -890,7 +867,7 @@ async def _replay_events(self, last_event_id: str, request: Request, send: Send)
             if self.mcp_session_id:  # pragma: no branch
                 headers[MCP_SESSION_ID_HEADER] = self.mcp_session_id
 
-            # Get protocol version from header (already validated in _validate_protocol_version)
+            # The manager only routes supported (or absent) header values to this transport
             replay_protocol_version = request.headers.get(MCP_PROTOCOL_VERSION_HEADER, DEFAULT_NEGOTIATED_VERSION)
 
             # Create SSE stream for replay

tests/shared/test_streamable_http.py

@@ -50,6 +50,7 @@
 from mcp.shared.session import RequestResponder
 from mcp.types import (
     DEFAULT_NEGOTIATED_VERSION,
+    INVALID_PARAMS,
     CallToolRequestParams,
     CallToolResult,
     InitializeResult,
@@ -1503,7 +1504,8 @@ async def test_server_validates_protocol_version_header(basic_app: Starlette) ->
         session_id = init_response.headers.get(MCP_SESSION_ID_HEADER)
         assert session_id is not None
 
-        # Test request with invalid protocol version (should fail)
+        # An unrecognised header value routes to the modern entry, where the
+        # validation ladder rejects an envelope-less body at rung 1.
         response = await client.post(
             "/mcp",
             headers={
@@ -1515,21 +1517,7 @@ async def test_server_validates_protocol_version_header(basic_app: Starlette) ->
             json={"jsonrpc": "2.0", "method": "tools/list", "id": "test-2"},
         )
         assert response.status_code == 400
-        assert MCP_PROTOCOL_VERSION_HEADER in response.text or "protocol version" in response.text.lower()
-
-        # Test request with unsupported protocol version (should fail)
-        response = await client.post(
-            "/mcp",
-            headers={
-                "Accept": "application/json, text/event-stream",
-                "Content-Type": "application/json",
-                MCP_SESSION_ID_HEADER: session_id,
-                MCP_PROTOCOL_VERSION_HEADER: "1999-01-01",  # Very old unsupported version
-            },
-            json={"jsonrpc": "2.0", "method": "tools/list", "id": "test-3"},
-        )
-        assert response.status_code == 400
-        assert MCP_PROTOCOL_VERSION_HEADER in response.text or "protocol version" in response.text.lower()
+        assert response.json()["error"]["code"] == INVALID_PARAMS
 
         # Test request with valid protocol version (should succeed)
         negotiated_version = extract_protocol_version_from_sse(init_response)