fix: remove cookie query forwarding

2026-04-28 23:52:45 -04:00
parent 9cbba9ba13
commit d178f9c9cb
5 changed files with 33 additions and 24 deletions
--- a/packages/api-server/src/routes/kijiji.ts
+++ b/packages/api-server/src/routes/kijiji.ts
@@ -62,7 +62,6 @@ export async function kijijiRoute(req: Request): Promise<Response> {
    maxPages,
    priceMin,
    priceMax,
    cookies: reqUrl.searchParams.get("cookies") || undefined,
  };
  try {
--- a/packages/api-server/test/routes.test.ts
+++ b/packages/api-server/test/routes.test.ts
@@ -76,7 +76,7 @@ describe("API routes", () => {
    });
  });
-  test("kijijiRoute passes cookies query parameter", async () => {
+  test("kijijiRoute ignores cookies query parameter", async () => {
    const { kijijiRoute } = await import("../src/routes/kijiji");
    await kijijiRoute(
@@ -98,7 +98,6 @@ describe("API routes", () => {
        maxPages: 3,
        priceMin: undefined,
        priceMax: undefined,
        cookies: "s=1",
      },
      {},
    );
@@ -188,7 +187,6 @@ describe("API routes", () => {
        maxPages: 5,
        priceMin: undefined,
        priceMax: undefined,
        cookies: undefined,
      },
      {},
      {
@@ -279,7 +277,6 @@ describe("API routes", () => {
        maxPages: 5,
        priceMin: undefined,
        priceMax: undefined,
        cookies: undefined,
      },
      {},
    );
@@ -307,7 +304,6 @@ describe("API routes", () => {
        maxPages: 5,
        priceMin: undefined,
        priceMax: undefined,
        cookies: undefined,
      },
      {},
    );
--- a/packages/mcp-server/src/protocol/handler.ts
+++ b/packages/mcp-server/src/protocol/handler.ts
@@ -116,7 +116,6 @@ export async function handleMcpRequest(req: Request): Promise<Response> {
            params.append("priceMin", args.priceMin.toString());
          if (args.priceMax)
            params.append("priceMax", args.priceMax.toString());
          if (args.cookies) params.append("cookies", args.cookies);
          if (args.unstableFilter !== undefined)
            params.append("unstableFilter", args.unstableFilter.toString());
--- a/packages/mcp-server/src/protocol/tools.ts
+++ b/packages/mcp-server/src/protocol/tools.ts
@@ -52,11 +52,6 @@ export const tools = [
          type: "number",
          description: "Maximum price in cents",
        },
        cookies: {
          type: "string",
          description:
            "Optional: Kijiji session cookies to bypass bot detection (JSON array or 'name1=value1; name2=value2')",
        },
        unstableFilter: {
          type: "boolean",
          description:
--- a/packages/mcp-server/test/protocol.test.ts
+++ b/packages/mcp-server/test/protocol.test.ts
@@ -15,18 +15,13 @@ describe("MCP protocol cookie inputs", () => {
    global.fetch = originalFetch;
  });
-  test("search tools should not expose Facebook or eBay cookie inputs", () => {
+  test("search tools should not expose cookie inputs", () => {
-    const searchFacebookTool = tools.find(
+    const toolNames = ["search_kijiji", "search_facebook", "search_ebay"];
-      (tool) => tool.name === "search_facebook",
+    for (const toolName of toolNames) {
-    );
+      const tool = tools.find((candidate) => candidate.name === toolName);
-    const searchEbayTool = tools.find((tool) => tool.name === "search_ebay");
+      expect(tool?.inputSchema.properties).not.toHaveProperty("cookies");
-
+      expect(tool?.inputSchema.properties).not.toHaveProperty("cookiesSource");
-    expect(searchFacebookTool?.inputSchema.properties).not.toHaveProperty(
+    }
      "cookiesSource",
    );
    expect(searchEbayTool?.inputSchema.properties).not.toHaveProperty(
      "cookies",
    );
  });
  test("search_facebook should not forward cookies query parameters", async () => {
@@ -53,6 +48,31 @@ describe("MCP protocol cookie inputs", () => {
    expect(String(calledUrl)).toContain("/facebook?q=laptop");
    expect(String(calledUrl)).not.toContain("cookies=");
  });
  test("search_kijiji should not forward cookies query parameters", async () => {
    await handleMcpRequest(
      new Request("http://localhost", {
        method: "POST",
        body: JSON.stringify({
          jsonrpc: "2.0",
          id: 1,
          method: "tools/call",
          params: {
            name: "search_kijiji",
            arguments: {
              query: "laptop",
              cookies: "s=1",
            },
          },
        }),
      }),
    );
    const calledUrl = (global.fetch as unknown as ReturnType<typeof mock>).mock
      .calls[0]?.[0];
    expect(String(calledUrl)).toContain("/kijiji?q=laptop");
    expect(String(calledUrl)).not.toContain("cookies=");
  });
 });
 describe("MCP protocol unstableFilter", () => {