1
66%
main: 66%

Ran 11 Mar 2026 12:40PM UTC

Files 541

Run time 15s

Badge

Embed ▾

Committed 11 Mar 2026 12:31PM UTC coverage: 63.963% (-0.04%) from 64.006%

Job # 22952704691.1

Build Type

push

github

Committed by

web-flow

Commit Message

Fix Content-Length mismatch in authz response filter with remote proxies (#4092)

When httputil.ReverseProxy forwards a response from a remote MCP server,
it copies the backend's Content-Length header to the ResponseWriter via
Header(). ResponseFilteringWriter does not override Header(), so the
original Content-Length leaks to the real writer. After Cedar policy
filtering changes the response body size, Go's HTTP server detects the
mismatch and tears down the connection.

Delete the stale Content-Length header before writing filtered responses
for both JSON and SSE content types. Go's HTTP library will handle
correct framing automatically.

Fixes: #4044

Co-authored-by: ChandraMohan0316 <chandrashanmugam007@gmail.com>

Coverage Stats

47719 of 74604 relevant lines covered (63.96%)

70.66 hits per line

stacklok / toolhive / 22952704691 / 1
66%
main: 66%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 22952704691.1

stacklok / toolhive / 22952704691 / 1 66% main: 66%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 22952704691.1

stacklok / toolhive / 22952704691 / 1
66%
main: 66%

README BADGES
x