@aborruso/ckan-mcp-server 0.4.76 → 0.4.77

package/LOG.md

@@ -1,5 +1,9 @@
 # LOG
 
+## 2026-03-07 (v0.4.77)
+
+- fix(`http.ts`): remove `Referer`, `Sec-Fetch-*`, `Upgrade-Insecure-Requests` from axios headers — these triggered WAF block on BA Data (data.buenosaires.gob.ar) and other portals with strict WAF rules; dati.gov.it unaffected
+
 ## 2026-03-06 (v0.4.75)
 
 - fix(`ckan_find_portals`): deduplicate portals by hostname, preferring https over http

package/dist/index.js

@@ -359,11 +359,6 @@ async function makeCkanRequest(serverUrl, action, params = {}) {
           "Accept-Language": "en-US,en;q=0.9,it;q=0.8",
           "Accept-Encoding": "gzip, deflate, br",
           Connection: "keep-alive",
-          Referer: `${baseUrl}/`,
-          "Sec-Fetch-Site": "same-origin",
-          "Sec-Fetch-Mode": "navigate",
-          "Sec-Fetch-Dest": "document",
-          "Upgrade-Insecure-Requests": "1",
           "Sec-CH-UA": '"Chromium";v="120", "Not?A_Brand";v="24", "Google Chrome";v="120"',
           "Sec-CH-UA-Mobile": "?0",
           "Sec-CH-UA-Platform": '"Linux"',
@@ -4955,7 +4950,7 @@ var registerAllPrompts = (server2) => {
 function createServer() {
   return new McpServer({
     name: "ckan-mcp-server",
-    version: "0.4.76"
+    version: "0.4.77"
   });
 }
 function registerAll(server2) {

package/dist/worker.js

@@ -1084,7 +1084,7 @@ ckan_package_search({
 })
 \`\`\`
 
-If the portal supports HVD classification, look for datasets with fields like \`hvd_category\` or \`applicable_legislation\`.`,_b=t=>{t.registerPrompt(YO,{title:"Search High-Value Datasets (HVD)",description:"Guided prompt to find High-Value Datasets (HVD) on a CKAN portal. Automatically uses the correct filter field from portal configuration.",argsSchema:{server_url:v.string().url().describe("Base URL of the CKAN server"),rows:v.coerce.number().int().positive().default(10).describe("Max results to return")}},async({server_url:e,rows:r})=>{let n=so(e);return ht(eN(e,r,n?.category_field??null))})};var vb=t=>{pb(t),mb(t),hb(t),gb(t),yb(t),_b(t)};function bb(){return new ma({name:"ckan-mcp-server",version:"0.4.74"})}function wb(t){Lv(t),Uv(t),Hv(t),Vv(t),Bv(t),Jv(t),eb(t),tb(t),rb(t),nb(t),ob(t),fb(t),vb(t)}var ja=class{constructor(e={}){this._started=!1,this._streamMapping=new Map,this._requestToStreamMapping=new Map,this._requestResponseMap=new Map,this._initialized=!1,this._enableJsonResponse=!1,this._standaloneSseStreamId="_GET_stream",this.sessionIdGenerator=e.sessionIdGenerator,this._enableJsonResponse=e.enableJsonResponse??!1,this._eventStore=e.eventStore,this._onsessioninitialized=e.onsessioninitialized,this._onsessionclosed=e.onsessionclosed,this._allowedHosts=e.allowedHosts,this._allowedOrigins=e.allowedOrigins,this._enableDnsRebindingProtection=e.enableDnsRebindingProtection??!1,this._retryInterval=e.retryInterval}async start(){if(this._started)throw new Error("Transport already started");this._started=!0}createJsonErrorResponse(e,r,n,o){let s={code:r,message:n};return o?.data!==void 0&&(s.data=o.data),new Response(JSON.stringify({jsonrpc:"2.0",error:s,id:null}),{status:e,headers:{"Content-Type":"application/json",...o?.headers}})}validateRequestHeaders(e){if(this._enableDnsRebindingProtection){if(this._allowedHosts&&this._allowedHosts.length>0){let r=e.headers.get("host");if(!r||!this._allowedHosts.includes(r)){let n=`Invalid Host header: ${r}`;return this.onerror?.(new Error(n)),this.createJsonErrorResponse(403,-32e3,n)}}if(this._allowedOrigins&&this._allowedOrigins.length>0){let r=e.headers.get("origin");if(r&&!this._allowedOrigins.includes(r)){let n=`Invalid Origin header: ${r}`;return this.onerror?.(new Error(n)),this.createJsonErrorResponse(403,-32e3,n)}}}}async handleRequest(e,r){let n=this.validateRequestHeaders(e);if(n)return n;switch(e.method){case"POST":return this.handlePostRequest(e,r);case"GET":return this.handleGetRequest(e);case"DELETE":return this.handleDeleteRequest(e);default:return this.handleUnsupportedRequest()}}async writePrimingEvent(e,r,n,o){if(!this._eventStore||o<"2025-11-25")return;let s=await this._eventStore.storeEvent(n,{}),i=`id: ${s}
+If the portal supports HVD classification, look for datasets with fields like \`hvd_category\` or \`applicable_legislation\`.`,_b=t=>{t.registerPrompt(YO,{title:"Search High-Value Datasets (HVD)",description:"Guided prompt to find High-Value Datasets (HVD) on a CKAN portal. Automatically uses the correct filter field from portal configuration.",argsSchema:{server_url:v.string().url().describe("Base URL of the CKAN server"),rows:v.coerce.number().int().positive().default(10).describe("Max results to return")}},async({server_url:e,rows:r})=>{let n=so(e);return ht(eN(e,r,n?.category_field??null))})};var vb=t=>{pb(t),mb(t),hb(t),gb(t),yb(t),_b(t)};function bb(){return new ma({name:"ckan-mcp-server",version:"0.4.76"})}function wb(t){Lv(t),Uv(t),Hv(t),Vv(t),Bv(t),Jv(t),eb(t),tb(t),rb(t),nb(t),ob(t),fb(t),vb(t)}var ja=class{constructor(e={}){this._started=!1,this._streamMapping=new Map,this._requestToStreamMapping=new Map,this._requestResponseMap=new Map,this._initialized=!1,this._enableJsonResponse=!1,this._standaloneSseStreamId="_GET_stream",this.sessionIdGenerator=e.sessionIdGenerator,this._enableJsonResponse=e.enableJsonResponse??!1,this._eventStore=e.eventStore,this._onsessioninitialized=e.onsessioninitialized,this._onsessionclosed=e.onsessionclosed,this._allowedHosts=e.allowedHosts,this._allowedOrigins=e.allowedOrigins,this._enableDnsRebindingProtection=e.enableDnsRebindingProtection??!1,this._retryInterval=e.retryInterval}async start(){if(this._started)throw new Error("Transport already started");this._started=!0}createJsonErrorResponse(e,r,n,o){let s={code:r,message:n};return o?.data!==void 0&&(s.data=o.data),new Response(JSON.stringify({jsonrpc:"2.0",error:s,id:null}),{status:e,headers:{"Content-Type":"application/json",...o?.headers}})}validateRequestHeaders(e){if(this._enableDnsRebindingProtection){if(this._allowedHosts&&this._allowedHosts.length>0){let r=e.headers.get("host");if(!r||!this._allowedHosts.includes(r)){let n=`Invalid Host header: ${r}`;return this.onerror?.(new Error(n)),this.createJsonErrorResponse(403,-32e3,n)}}if(this._allowedOrigins&&this._allowedOrigins.length>0){let r=e.headers.get("origin");if(r&&!this._allowedOrigins.includes(r)){let n=`Invalid Origin header: ${r}`;return this.onerror?.(new Error(n)),this.createJsonErrorResponse(403,-32e3,n)}}}}async handleRequest(e,r){let n=this.validateRequestHeaders(e);if(n)return n;switch(e.method){case"POST":return this.handlePostRequest(e,r);case"GET":return this.handleGetRequest(e);case"DELETE":return this.handleDeleteRequest(e);default:return this.handleUnsupportedRequest()}}async writePrimingEvent(e,r,n,o){if(!this._eventStore||o<"2025-11-25")return;let s=await this._eventStore.storeEvent(n,{}),i=`id: ${s}
 data: 
 
 `;this._retryInterval!==void 0&&(i=`id: ${s}
@@ -1278,4 +1278,4 @@ data:
     </div>
   </div>
 </body>
-</html>`,{headers:{"Content-Type":"text/html; charset=utf-8","Access-Control-Allow-Origin":"*"}});if(t.method==="GET"&&e.pathname==="/health")return new Response(JSON.stringify({status:"ok",version:"0.4.75",tools:20,resources:7,prompts:6,runtime:"cloudflare-workers"}),{headers:{"Content-Type":"application/json","Access-Control-Allow-Origin":"*"}});if(e.pathname==="/mcp")try{let r=t.clone();try{let s=await r.json();if(s?.method==="tools/call"&&s?.params?.name){let i=s.params.name,a=s.params.arguments??{},c={tool:i,server:a.server_url??""};a.q!==void 0&&(c.q=a.q),a.fq!==void 0&&(c.fq=a.fq),a.query!==void 0&&(c.query=a.query),a.id!==void 0&&(c.id=a.id),a.name!==void 0&&(c.name=a.name),a.pattern!==void 0&&(c.pattern=a.pattern),a.resource_id!==void 0&&(c.resource_id=a.resource_id),a.format_filter!==void 0&&(c.format_filter=a.format_filter),a.sort!==void 0&&(c.sort=a.sort),a.rows!==void 0&&(c.rows=a.rows),a.limit!==void 0&&(c.limit=a.limit),a.sql!==void 0&&(c.sql=String(a.sql).slice(0,200)),console.log(JSON.stringify(c))}}catch{}let n=await kb.handleRequest(t),o=new Headers(n.headers);return o.set("Access-Control-Allow-Origin","*"),o.set("X-Service-Notice","Demo instance - 100k requests/day shared quota"),o.set("X-Recommendation","https://github.com/ondata/ckan-mcp-server#installation"),new Response(n.body,{status:n.status,statusText:n.statusText,headers:o})}catch(r){return console.error("Worker error:",r),new Response(JSON.stringify({jsonrpc:"2.0",error:{code:-32603,message:"Internal error",data:r instanceof Error?r.message:String(r)},id:null}),{status:500,headers:{"Content-Type":"application/json","Access-Control-Allow-Origin":"*"}})}return new Response("Not Found",{status:404,headers:{"Access-Control-Allow-Origin":"*"}})}};export{G4 as default};
+</html>`,{headers:{"Content-Type":"text/html; charset=utf-8","Access-Control-Allow-Origin":"*"}});if(t.method==="GET"&&e.pathname==="/health")return new Response(JSON.stringify({status:"ok",version:"0.4.76",tools:20,resources:7,prompts:6,runtime:"cloudflare-workers"}),{headers:{"Content-Type":"application/json","Access-Control-Allow-Origin":"*"}});if(e.pathname==="/mcp")try{let r=t.clone();try{let s=await r.json();if(s?.method==="tools/call"&&s?.params?.name){let i=s.params.name,a=s.params.arguments??{},c={tool:i,server:a.server_url??""};a.q!==void 0&&(c.q=a.q),a.fq!==void 0&&(c.fq=a.fq),a.query!==void 0&&(c.query=a.query),a.id!==void 0&&(c.id=a.id),a.name!==void 0&&(c.name=a.name),a.pattern!==void 0&&(c.pattern=a.pattern),a.resource_id!==void 0&&(c.resource_id=a.resource_id),a.format_filter!==void 0&&(c.format_filter=a.format_filter),a.sort!==void 0&&(c.sort=a.sort),a.rows!==void 0&&(c.rows=a.rows),a.limit!==void 0&&(c.limit=a.limit),a.sql!==void 0&&(c.sql=String(a.sql).slice(0,200)),console.log(JSON.stringify(c))}}catch{}let n=await kb.handleRequest(t),o=new Headers(n.headers);return o.set("Access-Control-Allow-Origin","*"),o.set("X-Service-Notice","Demo instance - 100k requests/day shared quota"),o.set("X-Recommendation","https://github.com/ondata/ckan-mcp-server#installation"),new Response(n.body,{status:n.status,statusText:n.statusText,headers:o})}catch(r){return console.error("Worker error:",r),new Response(JSON.stringify({jsonrpc:"2.0",error:{code:-32603,message:"Internal error",data:r instanceof Error?r.message:String(r)},id:null}),{status:500,headers:{"Content-Type":"application/json","Access-Control-Allow-Origin":"*"}})}return new Response("Not Found",{status:404,headers:{"Access-Control-Allow-Origin":"*"}})}};export{G4 as default};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aborruso/ckan-mcp-server",
-  "version": "0.4.76",
+  "version": "0.4.77",
   "description": "MCP server for interacting with CKAN open data portals",
   "main": "dist/index.js",
   "type": "module",