Skip to content

Echo request id in post-parse Streamable HTTP error responses#1687

Merged
tarekgh merged 1 commit into
modelcontextprotocol:mainfrom
tarekgh:fix/1677-jsonrpc-error-id
Jul 2, 2026
Merged

Echo request id in post-parse Streamable HTTP error responses#1687
tarekgh merged 1 commit into
modelcontextprotocol:mainfrom
tarekgh:fix/1677-jsonrpc-error-id

Conversation

@tarekgh

@tarekgh tarekgh commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Summary

On the Streamable HTTP transport, several JSON-RPC error responses were emitted with "id": null even after the request body had been successfully parsed and its id was readable. This violates the base protocol responses rule (error responses MUST include the same id as the request they correspond to, except when the id could not be read due to a malformed request) and SEP-2243's error response format for header validation failures, which echoes the request id.

Fix

Thread the parsed request id through every post-parse error site on the POST path in StreamableHttpHandler:

  • Header validation failure (-32020 HeaderMismatch) - the reported case
  • 2026-07-28 Mcp-Session-Id rejection (SEP-2567)
  • Unsupported protocol version fallback (SEP-2575)
  • New-session-only-via-initialize rejection
  • Stateless-mode session-id rejection
  • Session not found (-32001) and forbidden cases

Pre-parse failures (protocol version and accept header checks) and malformed requests (invalid JSON, explicit id: null) still return id: null, which is correct per the base protocol.

Tests

  • Strengthened the header/body mismatch conformance test and added a missing Mcp-Name test to assert the echoed id.
  • Strengthened the session-not-found and new-session-required tests, and added a stateless session-id test, to assert the echoed id.
  • Kept the existing null-id guards for malformed and explicit-null-id requests.

All ModelContextProtocol.AspNetCore.Tests pass on net8.0, net9.0, and net10.0.

Fixes #1677

On the Streamable HTTP transport, several JSON-RPC error responses were
emitted with id null even after the request body had been parsed and its
id was readable. This violates the base protocol responses rule (error
responses must include the same id as the request, except when the id
could not be read due to a malformed request) and SEP-2243's error
response format for header validation failures.

Thread the parsed request id through every post-parse error site on the
POST path: the header validation failure (-32020 HeaderMismatch), the
2026-07-28 session-id rejection, the unsupported protocol version
fallback, the new-session-only-via-initialize rejection, the stateless
session-id rejection, and the session not found and forbidden cases.
Pre-parse and malformed cases still return id null, which is correct.

Add and strengthen conformance tests to assert the echoed id, while
keeping the existing null-id guards for malformed and explicit-null-id
requests.

Fixes modelcontextprotocol#1677
@tarekgh

tarekgh commented Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

CC @cclabadmin

@tarekgh tarekgh requested a review from halter73 July 1, 2026 22:18
@tarekgh tarekgh self-assigned this Jul 1, 2026
@tarekgh

tarekgh commented Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

CC @jeffhandley

@tarekgh tarekgh merged commit e23be1d into modelcontextprotocol:main Jul 2, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Draft protocol: HTTP header-validation errors return id: null after parsing the request id

3 participants