@jhrozek jhrozek commented Jan 21, 2026

This RFC proposes server-side configuration for injecting HTTP headers into requests forwarded to remote MCP servers. Currently, if specific headers need to be sent to remote servers, clients must configure them individually, which is brittle and doesn't scale across different MCP client implementations.

The solution uses a middleware that injects configured header name-value pairs into every request, following the existing token_injection pattern. This provides a single, centralized configuration point for operators.

Affected components:

  • thv proxy command (--remote-forward-headers flag)
  • thv run command for remote URLs (--remote-forward-headers flag)
  • MCPRemoteProxy Kubernetes CRD (headerForward.addHeaders field)

Related: stacklok/toolhive#3316

@jhrozek jhrozek force-pushed the thv-header-passthrough branch from 1c18630 to 43daa19 Compare January 21, 2026 23:27
@jhrozek jhrozek force-pushed the thv-header-passthrough branch from 43daa19 to d08fc31 Compare January 22, 2026 22:35
jhrozek commented Jan 22, 2026

@JAORMX I added a new section that focuses on adding headers with potentially secret values, wdyt?

@JAORMX JAORMX left a comment
Left a couple of comments on specific security considerations worth addressing.

…nflict detection

- Add restricted header blocklist (hop-by-hop, identity-spoofing, smuggling vectors)
- Add configuration-time validation for token exchange/injection conflicts
- Update middleware signature to return error on restricted headers
- Update Security Considerations with new mitigations
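The PR description above explains the injection middleware, and the merged commit adds a restricted-header blocklist plus configuration-time detection of conflicts with token exchange/injection. The Go block below is an added illustration of how those pieces fit together; it is not ToolHive's own code. The blocklist contents, the error values, and the functions ValidateInjectedHeaders, NewHeaderInjectionMiddleware and ForwardedHeaders are assumptions of this example, as is the sample configuration in main.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Errors returned at configuration time so a bad header set fails fast
// instead of being silently forwarded on every request.
var (
	ErrRestrictedHeader = errors.New("header is on the restricted list")
	ErrHeaderConflict   = errors.New("header conflicts with token injection/exchange")
	ErrInvalidHeader    = errors.New("invalid header name or value")
)

// restrictedHeaders is an illustrative blocklist (an assumption of this example, not
// ToolHive's actual list). Keys are lower-case; the value is the reason for the block.
var restrictedHeaders = map[string]string{
	// hop-by-hop headers: meaningful for one connection only, never forwarded
	"connection": "hop-by-hop", "keep-alive": "hop-by-hop", "proxy-connection": "hop-by-hop",
	"te": "hop-by-hop", "trailer": "hop-by-hop", "transfer-encoding": "hop-by-hop", "upgrade": "hop-by-hop",
	// identity headers an upstream may trust to identify the client or original request
	"host": "identity", "forwarded": "identity", "x-forwarded-for": "identity",
	"x-forwarded-host": "identity", "x-forwarded-proto": "identity", "x-real-ip": "identity",
	// framing headers: overriding them is a request-smuggling vector
	"content-length": "smuggling",
}

// validHeaderName accepts only RFC 9110 token characters.
func validHeaderName(name string) bool {
	if name == "" {
		return false
	}
	for _, c := range name {
		if c > 0x7f {
			return false
		}
		if ('a' <= c && c <= 'z') || ('A' <= c && c <= 'Z') || ('0' <= c && c <= '9') {
			continue
		}
		if !strings.ContainsRune("!#$%&'*+-.^_`|~", c) {
			return false
		}
	}
	return true
}

// validHeaderValue rejects CR, LF and NUL so a configured value cannot inject extra headers.
func validHeaderValue(v string) bool {
	return !strings.ContainsAny(v, "\r\n\x00")
}

// ValidateInjectedHeaders checks an operator-supplied header set once at configuration
// time. tokenInjection reports whether token injection or token exchange is also
// configured, in which case a static Authorization header is a conflict.
func ValidateInjectedHeaders(headers map[string]string, tokenInjection bool) error {
	for name, value := range headers {
		if !validHeaderName(name) || !validHeaderValue(value) {
			return fmt.Errorf("%w: %q", ErrInvalidHeader, name)
		}
		lower := strings.ToLower(name)
		if reason, ok := restrictedHeaders[lower]; ok {
			return fmt.Errorf("%w: %s (%s)", ErrRestrictedHeader, name, reason)
		}
		if tokenInjection && lower == "authorization" {
			return fmt.Errorf("%w: %s", ErrHeaderConflict, name)
		}
	}
	return nil
}

// NewHeaderInjectionMiddleware validates the headers and returns a middleware that sets
// them on every request. Set (not Add) is used so the operator value wins over the client's.
func NewHeaderInjectionMiddleware(headers map[string]string, tokenInjection bool) (func(http.Handler) http.Handler, error) {
	if err := ValidateInjectedHeaders(headers, tokenInjection); err != nil {
		return nil, err
	}
	fixed := make(map[string]string, len(headers)) // private copy: later edits to the caller's map are ignored
	for k, v := range headers {
		fixed[k] = v
	}
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			for k, v := range fixed {
				r.Header.Set(k, v)
			}
			next.ServeHTTP(w, r)
		})
	}, nil
}

// ForwardedHeaders sends one request through the middleware and returns the headers the
// downstream handler (standing in for the remote MCP server) observed.
func ForwardedHeaders(headers map[string]string, tokenInjection bool, client map[string]string) (http.Header, error) {
	mw, err := NewHeaderInjectionMiddleware(headers, tokenInjection)
	if err != nil {
		return nil, err
	}
	var seen http.Header
	h := mw(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		seen = r.Header.Clone()
		w.WriteHeader(http.StatusNoContent)
	}))
	req := httptest.NewRequest(http.MethodPost, "/mcp", nil)
	for k, v := range client {
		req.Header.Set(k, v)
	}
	h.ServeHTTP(httptest.NewRecorder(), req)
	return seen, nil
}

func main() {
	// constructed sample configuration, standing in for --remote-forward-headers values
	seen, err := ForwardedHeaders(map[string]string{"X-Tenant-ID": "acme"}, false,
		map[string]string{"X-Tenant-ID": "spoofed", "Accept": "application/json"})
	fmt.Println(seen.Get("X-Tenant-ID"), seen.Get("Accept"), err)
	for _, bad := range []map[string]string{
		{"Transfer-Encoding": "chunked"}, {"X-Forwarded-For": "10.0.0.1"},
		{"Authorization": "Bearer static"}, {"X-Evil": "a\r\nX-Injected: b"},
	} {
		_, err := ForwardedHeaders(bad, true, nil)
		fmt.Println(err)
	}
}
```

The client's own X-Tenant-ID is overwritten rather than appended, which is the point of a server-side setting: the operator's value is authoritative. Authorization is deliberately not on the blocklist, so a static secret header is allowed when no token injection or exchange is configured and rejected as a conflict when one is.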
@jhrozek jhrozek merged commit 80822d5 into main Jan 23, 2026
1 check passed