sap-wm-mcp 0.3.2 → 0.3.3

package/lib/s4hClient.js

@@ -43,13 +43,20 @@ async function refreshCsrf() {
   const token = res.headers.get('x-csrf-token');
   if (!token) throw new Error('CSRF token fetch failed — no token in response headers');
 
-  const raw = res.headers.raw?.()['set-cookie'] ?? res.headers.get('set-cookie');
-  const cookie = Array.isArray(raw)
-    ? raw.map(c => c.split(';')[0]).join('; ')
-    : (raw ?? '').split(',').map(c => c.trim().split(';')[0]).join('; ');
+  // node-fetch v3 removed headers.raw() — collect Set-Cookie values correctly.
+  // getSetCookie() is WHATWG spec (Node 18+); forEach is the node-fetch v3 fallback.
+  let cookieParts;
+  if (typeof res.headers.getSetCookie === 'function') {
+    cookieParts = res.headers.getSetCookie().map(c => c.split(';')[0].trim());
+  } else {
+    cookieParts = [];
+    res.headers.forEach((value, key) => {
+      if (key.toLowerCase() === 'set-cookie') cookieParts.push(value.split(';')[0].trim());
+    });
+  }
 
   _csrfToken    = token;
-  _cookieHeader = cookie;
+  _cookieHeader = cookieParts.join('; ');
   log('debug', 'csrf_refreshed');
 }
 
@@ -115,8 +122,8 @@ export async function s4hPost(path, body) {
   try {
     response = await doPost();
 
-    // CSRF token expired — refresh once and retry
-    if (response.status === 403) {
+    // CSRF token expired or session mismatch — SAP returns 403 or 401 depending on ICM config
+    if (response.status === 403 || response.status === 401) {
       log('warn', 'csrf_expired_retry', { url });
       _csrfToken = null;
       _cookieHeader = null;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sap-wm-mcp",
-  "version": "0.3.2",
+  "version": "0.3.3",
   "description": "MCP server for SAP Classic Warehouse Management — connects AI agents to S/4HANA WM via a custom RAP OData V4 service. For systems where EWM is not active.",
   "type": "module",
   "main": "index.js",