fix: remove cookie query forwarding

2026-04-28 23:52:45 -04:00
parent 9cbba9ba13
commit d178f9c9cb
5 changed files with 33 additions and 24 deletions
--- a/packages/mcp-server/src/protocol/handler.ts
+++ b/packages/mcp-server/src/protocol/handler.ts
@@ -116,7 +116,6 @@ export async function handleMcpRequest(req: Request): Promise<Response> {
            params.append("priceMin", args.priceMin.toString());
          if (args.priceMax)
            params.append("priceMax", args.priceMax.toString());
-          if (args.cookies) params.append("cookies", args.cookies);
          if (args.unstableFilter !== undefined)
            params.append("unstableFilter", args.unstableFilter.toString());

--- a/packages/mcp-server/src/protocol/tools.ts
+++ b/packages/mcp-server/src/protocol/tools.ts
@@ -52,11 +52,6 @@ export const tools = [
          type: "number",
          description: "Maximum price in cents",
        },
-        cookies: {
-          type: "string",
-          description:
-            "Optional: Kijiji session cookies to bypass bot detection (JSON array or 'name1=value1; name2=value2')",
-        },
        unstableFilter: {
          type: "boolean",
          description:
--- a/packages/mcp-server/test/protocol.test.ts
+++ b/packages/mcp-server/test/protocol.test.ts
@@ -15,18 +15,13 @@ describe("MCP protocol cookie inputs", () => {
    global.fetch = originalFetch;
  });

-  test("search tools should not expose Facebook or eBay cookie inputs", () => {
-    const searchFacebookTool = tools.find(
-      (tool) => tool.name === "search_facebook",
-    );
-    const searchEbayTool = tools.find((tool) => tool.name === "search_ebay");
-
-    expect(searchFacebookTool?.inputSchema.properties).not.toHaveProperty(
-      "cookiesSource",
-    );
-    expect(searchEbayTool?.inputSchema.properties).not.toHaveProperty(
-      "cookies",
-    );
+  test("search tools should not expose cookie inputs", () => {
+    const toolNames = ["search_kijiji", "search_facebook", "search_ebay"];
+    for (const toolName of toolNames) {
+      const tool = tools.find((candidate) => candidate.name === toolName);
+      expect(tool?.inputSchema.properties).not.toHaveProperty("cookies");
+      expect(tool?.inputSchema.properties).not.toHaveProperty("cookiesSource");
+    }
  });

  test("search_facebook should not forward cookies query parameters", async () => {
@@ -53,6 +48,31 @@ describe("MCP protocol cookie inputs", () => {
    expect(String(calledUrl)).toContain("/facebook?q=laptop");
    expect(String(calledUrl)).not.toContain("cookies=");
  });
+
+  test("search_kijiji should not forward cookies query parameters", async () => {
+    await handleMcpRequest(
+      new Request("http://localhost", {
+        method: "POST",
+        body: JSON.stringify({
+          jsonrpc: "2.0",
+          id: 1,
+          method: "tools/call",
+          params: {
+            name: "search_kijiji",
+            arguments: {
+              query: "laptop",
+              cookies: "s=1",
+            },
+          },
+        }),
+      }),
+    );
+
+    const calledUrl = (global.fetch as unknown as ReturnType<typeof mock>).mock
+      .calls[0]?.[0];
+    expect(String(calledUrl)).toContain("/kijiji?q=laptop");
+    expect(String(calledUrl)).not.toContain("cookies=");
+  });
 });

 describe("MCP protocol unstableFilter", () => {