@GlisseManTV GlisseManTV commented Nov 5, 2025

Pull Request Checklist

Before submitting, make sure you've checked the following:

  • Target branch: Please verify that the pull request targets the dev branch.
  • Description: Provide a concise description of the changes made in this pull request.
  • Changelog: Ensure a changelog entry following the format of Keep a Changelog is added at the bottom of the PR description.
  • Dependencies: Are there any new dependencies? Have you updated the dependency versions in the documentation?
  • Testing: Have you written and run sufficient tests to validate the changes?
  • Code review: Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards?
  • Prefix: To clearly categorize this pull request, prefix the pull request title using one of the following:
    • BREAKING CHANGE: Significant changes that may affect compatibility
    • build: Changes that affect the build system or external dependencies
    • ci: Changes to our continuous integration processes or workflows
    • chore: Refactor, cleanup, or other non-functional code changes
    • docs: Documentation update or addition
    • feat: Introduces a new feature or enhancement to the codebase
    • fix: Bug fix or error correction
    • i18n: Internationalization or localization changes
    • perf: Performance improvement
    • refactor: Code restructuring for better maintainability, readability, or scalability
    • style: Changes that do not affect the meaning of the code (white space, formatting, missing semi-colons, etc.)
    • test: Adding missing tests or correcting existing tests
    • WIP: Work in progress, a temporary label for incomplete or ongoing work

Changelog Entry

Description

  • Add headers forwarding through mcpo,
    using a custom arg "mcpo_headers" pushed in the arguments list.
    Adding a function to mask headers in logs.

Added

  • Header forwarding
  • Function to hide sensitive headers in logs

Changed

  • _meta to "mcpo_headers"

Deprecated

  • [List any deprecated functionality or features that have been removed]

Removed

  • _meta mention in utils/main.py

Fixed

  • [List any fixes, corrections, or bug fixes]

Security

  • Hide sensitive headers in logs

Breaking Changes

  • BREAKING CHANGE: tools must use "mcpo_headers" to find auth headers

Additional Information

  • [Insert any additional context, notes, or explanations for the changes]
    • [Reference any related issues, commits, or other relevant information]

Screenshots or Videos

  • [Attach any relevant screenshots or videos demonstrating the changes]

tjbck and others added 16 commits October 14, 2025 15:23
Changed logging levels from debug to info in header filtering and processing functions to improve visibility of header decisions in logs. This provides clearer operational insights without overwhelming logs with debug-level messages. The changes are consistent across filter_headers, process_headers_for_server, and tool endpoint logging, maintaining clarity while reducing noise.
Refactored the handling of forwarded headers in tool endpoint calls to pass headers as arguments instead of using meta. This change simplifies the interface by removing the need for a separate meta dictionary, improves consistency, and aligns with the expected argument structure of session.call_tool. The logger messages were updated to reflect the new argument structure, and error handling was preserved for robustness.
Changed the internal header storage key from `__mcpo_forwarded_headers__` to `mcpo_headers` for consistency and clarity. This improves code readability and maintains a uniform naming convention across the codebase.
Adds a new function `mask_sensitive_headers` to obfuscate sensitive header values (like Authorization, API keys) in log output. This improves security by preventing sensitive data from being exposed in logs while maintaining debuggability. The masking is applied to headers in the request arguments before logging, replacing values with placeholders like "Bearer *****" or "*****". This change ensures that even when detailed request data is logged, sensitive information remains protected.
Removed deprecated mask_sensitive_headers function and updated logging to display raw arguments instead of masked ones. This simplifies the codebase by eliminating unused functionality while maintaining clarity in logs. The change improves maintainability and reduces potential confusion around sensitive data handling.
Adds a utility function to mask sensitive header values (e.g., authorization, API keys) in log output to enhance security and prevent accidental exposure of credentials. The function recursively masks values like Bearer, Basic, and API-Key tokens, replacing them with placeholders. Applied in tool handler logging to ensure sensitive data is not logged in plain text.

The change also updates the argument key from "__mcpo_forwarded_headers__" to "mcpo_headers" for consistency and improves logging output by masking sensitive data before being logged.
Changed logging in get_tool_handler to output raw arguments instead of masked arguments for better debugging and monitoring. This change helps in troubleshooting by providing access to the actual arguments passed to endpoints, while still maintaining the security of masked headers in the actual request processing.
Disabled the masking of sensitive headers in the tool handler to allow for debugging and testing of header forwarding functionality. The masking logic can be re-enabled once the header handling is fully validated. This change affects the get_tool_handler function in src/mcpo/utils/main.py where the mask_sensitive_headers call was commented out.
- Replace shallow copy with deep copy in mask_sensitive_headers function to properly handle nested dictionaries
- Apply sensitive data masking to arguments before logging to prevent exposure of sensitive information
- Ensure headers are properly masked before being logged for debugging purposes
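
The commit messages above describe masking header values before logging and later switching the mask from a shallow copy to a deep copy. The sketch below is an added example, not the code from this pull request: it shows why that switch matters when the secrets sit in a nested `mcpo_headers` dict. The function names, the set of sensitive header names and the sample token are assumptions made for illustration.

```python
import copy
import re

# Assumed set of header names to treat as secrets (not taken from the PR).
SENSITIVE_NAMES = {"authorization", "proxy-authorization", "cookie", "x-api-key", "api-key"}
# Keep the auth scheme so logs stay debuggable: "Bearer abc" -> "Bearer *****".
SCHEME_RE = re.compile(r"^(Bearer|Basic|API-Key)\s+\S", re.IGNORECASE)


def _mask_value(value):
    match = SCHEME_RE.match(value) if isinstance(value, str) else None
    return f"{match.group(1)} *****" if match else "*****"


def _mask_in_place(node):
    """Walk dicts and lists, masking values stored under sensitive keys."""
    if isinstance(node, dict):
        for key, value in node.items():
            if isinstance(key, str) and key.lower() in SENSITIVE_NAMES:
                node[key] = _mask_value(value)
            else:
                _mask_in_place(value)
    elif isinstance(node, list):
        for item in node:
            _mask_in_place(item)


def mask_headers_for_log(arguments):
    """Return a masked deep copy; the caller's arguments stay untouched."""
    masked = copy.deepcopy(arguments)
    _mask_in_place(masked)
    return masked


def mask_headers_shallow(arguments):
    """Defective variant: dict.copy() shares the nested header dict."""
    masked = arguments.copy()
    _mask_in_place(masked)
    return masked


def sample_arguments():
    # Constructed tool-call arguments; the token is a made-up placeholder.
    return {"query": "status",
            "mcpo_headers": {"Authorization": "Bearer EXAMPLE-TOKEN", "Accept": "application/json"}}
```

With the shallow variant, the arguments forwarded to the tool after logging carry `Bearer *****` instead of the real credential, so the masking step silently breaks authentication downstream.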