MCPcopy
hub / github.com/github/github-mcp-server / GetEffectiveHostAndScheme

Function GetEffectiveHostAndScheme

pkg/http/oauth/oauth.go:218–246  ·  view source on GitHub ↗

GetEffectiveHostAndScheme returns the effective host and scheme for a request. X-Forwarded-Host and X-Forwarded-Proto are only honored when cfg.TrustProxyHeaders is true. Without that opt-in, an untrusted client could otherwise influence the OAuth resource metadata URL advertised to MCP clients.

(r *http.Request, cfg *Config)

Source from the content-addressed store, hash-verified

216// is true. Without that opt-in, an untrusted client could otherwise influence the
217// OAuth resource metadata URL advertised to MCP clients.
218func GetEffectiveHostAndScheme(r *http.Request, cfg *Config) (host, scheme string) { //nolint:revive
219 trustProxy := cfg != nil && cfg.TrustProxyHeaders
220
221 if trustProxy {
222 if fh := r.Header.Get(headers.ForwardedHostHeader); fh != "" {
223 host = fh
224 }
225 }
226 if host == "" {
227 host = r.Host
228 }
229 if host == "" {
230 host = "localhost"
231 }
232
233 if trustProxy {
234 if fp := r.Header.Get(headers.ForwardedProtoHeader); fp != "" {
235 scheme = strings.ToLower(fp)
236 }
237 }
238 if scheme == "" {
239 if r.TLS != nil {
240 scheme = "https"
241 } else {
242 scheme = "http"
243 }
244 }
245 return
246}
247
248// BuildResourceMetadataURL constructs the full URL to the OAuth protected resource metadata endpoint.
249func BuildResourceMetadataURL(r *http.Request, cfg *Config, resourcePath string) string {

Callers 3

buildResourceURLMethod · 0.85
BuildResourceMetadataURLFunction · 0.85

Calls

no outgoing calls

Tested by 1