feat: scope query param auth to MCP endpoints

Restrict api_key query parameter to /mcp/tools, /mcp/tool/call,
and /mcp/sse only. Updated documentation to reflect query param
usage for ChatGPT UI without header support.
2026-01-29 21:07:37 +01:00
parent b990c6c527
commit 0a2a21cc52
3 changed files with 21 additions and 34 deletions

@@ -77,9 +77,12 @@ API key authentication ENABLED (1 key(s) configured)
# Without key - should fail with 401
curl https://mcp.yourdomain.com/mcp/tools
# With valid key - should succeed
# With valid key (header) - should succeed
curl -H "Authorization: Bearer YOUR_KEY_HERE" \
https://mcp.yourdomain.com/mcp/tools
# With valid key (query param) - should succeed
curl "https://mcp.yourdomain.com/mcp/tools?api_key=YOUR_KEY_HERE"
```
---
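Review bot: The new query-param example (`curl "https://mcp.yourdomain.com/mcp/tools?api_key=YOUR_KEY_HERE"`) documents putting the key in the URL without saying that URLs, query string included, are routinely written to web server and reverse-proxy access logs and to shell history, so the key is exposed in places the `Authorization: Bearer` header is not. Suggest adding a sentence next to this example that the header form is preferred wherever the client supports it, that the query form exists for the ChatGPT UI case named in the commit message, and that a key used this way should be a dedicated one that can be rotated. The verification steps also only cover the success path for the new form: since the commit message says `api_key` is restricted to /mcp/tools, /mcp/tool/call and /mcp/sse, a check that `?api_key=` on a path outside those three still returns 401, and one with an invalid key value, would let a reader confirm the scoping actually holds.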