github doobidoo/mcp-memory-service v10.6.1
v10.6.1 - Fix SSE Authentication (#420)
on GitHub

latest releases: v10.31.1, v10.31.0, v10.30.0...
one month ago

Bug Fix

Fixes #420 - Dashboard disconnects due to 401 on Events API.

Root Cause

Browser EventSource API doesn't support custom headers (X-API-Key, Authorization). The /api/events SSE endpoint requires authentication, so it always returned 401 when API key auth was enabled.

Fix

  • Pass api_key as URL query parameter using URL/URLSearchParams APIs
  • Added ?token= query parameter support in auth middleware for OAuth SSE connections
  • Added <meta name="referrer" content="no-referrer"> to prevent API key leakage via Referer headers

Security Hardening

  • Uses URLSearchParams for safe URL encoding (prevents injection)
  • Referrer policy blocks credential leakage to third-party resources
  • HTTPS still recommended for production deployments

Full Changelog: v10.6.0...v10.6.1

Check out latest releases or
releases around doobidoo/mcp-memory-service v10.6.1

Don't miss a new mcp-memory-service release

NewReleases is sending notifications on new releases.

Get notifications