From d178f9c9cb67ae1532c6b37f5472edfac10913ff Mon Sep 17 00:00:00 2001 From: Dmytro Stanchiev Date: Tue, 28 Apr 2026 23:52:45 -0400 Subject: [PATCH] fix: remove cookie query forwarding --- packages/api-server/src/routes/kijiji.ts | 1 - packages/api-server/test/routes.test.ts | 6 +-- packages/mcp-server/src/protocol/handler.ts | 1 - packages/mcp-server/src/protocol/tools.ts | 5 --- packages/mcp-server/test/protocol.test.ts | 44 +++++++++++++++------ 5 files changed, 33 insertions(+), 24 deletions(-) diff --git a/packages/api-server/src/routes/kijiji.ts b/packages/api-server/src/routes/kijiji.ts index 5b66beb..bcbff63 100644 --- a/packages/api-server/src/routes/kijiji.ts +++ b/packages/api-server/src/routes/kijiji.ts @@ -62,7 +62,6 @@ export async function kijijiRoute(req: Request): Promise { maxPages, priceMin, priceMax, - cookies: reqUrl.searchParams.get("cookies") || undefined, }; try { diff --git a/packages/api-server/test/routes.test.ts b/packages/api-server/test/routes.test.ts index 56d348c..6804d50 100644 --- a/packages/api-server/test/routes.test.ts +++ b/packages/api-server/test/routes.test.ts @@ -76,7 +76,7 @@ describe("API routes", () => { }); }); - test("kijijiRoute passes cookies query parameter", async () => { + test("kijijiRoute ignores cookies query parameter", async () => { const { kijijiRoute } = await import("../src/routes/kijiji"); await kijijiRoute( @@ -98,7 +98,6 @@ describe("API routes", () => { maxPages: 3, priceMin: undefined, priceMax: undefined, - cookies: "s=1", }, {}, ); @@ -188,7 +187,6 @@ describe("API routes", () => { maxPages: 5, priceMin: undefined, priceMax: undefined, - cookies: undefined, }, {}, { @@ -279,7 +277,6 @@ describe("API routes", () => { maxPages: 5, priceMin: undefined, priceMax: undefined, - cookies: undefined, }, {}, ); @@ -307,7 +304,6 @@ describe("API routes", () => { maxPages: 5, priceMin: undefined, priceMax: undefined, - cookies: undefined, }, {}, ); diff --git a/packages/mcp-server/src/protocol/handler.ts b/packages/mcp-server/src/protocol/handler.ts index d5271e1..80150e4 100644 --- a/packages/mcp-server/src/protocol/handler.ts +++ b/packages/mcp-server/src/protocol/handler.ts @@ -116,7 +116,6 @@ export async function handleMcpRequest(req: Request): Promise { params.append("priceMin", args.priceMin.toString()); if (args.priceMax) params.append("priceMax", args.priceMax.toString()); - if (args.cookies) params.append("cookies", args.cookies); if (args.unstableFilter !== undefined) params.append("unstableFilter", args.unstableFilter.toString()); diff --git a/packages/mcp-server/src/protocol/tools.ts b/packages/mcp-server/src/protocol/tools.ts index 91c3fa1..ababca4 100644 --- a/packages/mcp-server/src/protocol/tools.ts +++ b/packages/mcp-server/src/protocol/tools.ts @@ -52,11 +52,6 @@ export const tools = [ type: "number", description: "Maximum price in cents", }, - cookies: { - type: "string", - description: - "Optional: Kijiji session cookies to bypass bot detection (JSON array or 'name1=value1; name2=value2')", - }, unstableFilter: { type: "boolean", description: diff --git a/packages/mcp-server/test/protocol.test.ts b/packages/mcp-server/test/protocol.test.ts index a137e9f..36bf633 100644 --- a/packages/mcp-server/test/protocol.test.ts +++ b/packages/mcp-server/test/protocol.test.ts @@ -15,18 +15,13 @@ describe("MCP protocol cookie inputs", () => { global.fetch = originalFetch; }); - test("search tools should not expose Facebook or eBay cookie inputs", () => { - const searchFacebookTool = tools.find( - (tool) => tool.name === "search_facebook", - ); - const searchEbayTool = tools.find((tool) => tool.name === "search_ebay"); - - expect(searchFacebookTool?.inputSchema.properties).not.toHaveProperty( - "cookiesSource", - ); - expect(searchEbayTool?.inputSchema.properties).not.toHaveProperty( - "cookies", - ); + test("search tools should not expose cookie inputs", () => { + const toolNames = ["search_kijiji", "search_facebook", "search_ebay"]; + for (const toolName of toolNames) { + const tool = tools.find((candidate) => candidate.name === toolName); + expect(tool?.inputSchema.properties).not.toHaveProperty("cookies"); + expect(tool?.inputSchema.properties).not.toHaveProperty("cookiesSource"); + } }); test("search_facebook should not forward cookies query parameters", async () => { @@ -53,6 +48,31 @@ describe("MCP protocol cookie inputs", () => { expect(String(calledUrl)).toContain("/facebook?q=laptop"); expect(String(calledUrl)).not.toContain("cookies="); }); + + test("search_kijiji should not forward cookies query parameters", async () => { + await handleMcpRequest( + new Request("http://localhost", { + method: "POST", + body: JSON.stringify({ + jsonrpc: "2.0", + id: 1, + method: "tools/call", + params: { + name: "search_kijiji", + arguments: { + query: "laptop", + cookies: "s=1", + }, + }, + }), + }), + ); + + const calledUrl = (global.fetch as unknown as ReturnType).mock + .calls[0]?.[0]; + expect(String(calledUrl)).toContain("/kijiji?q=laptop"); + expect(String(calledUrl)).not.toContain("cookies="); + }); }); describe("MCP protocol unstableFilter", () => {