fix(mcp): relax Accept header validation for broader client compatibility

[ctonneslan]

Summary

Relaxes the strict Accept header validation in the Streamable HTTP transport's handlePostRequest to accommodate MCP clients that don't send both application/json and text/event-stream.

Before: Requests must include both application/json AND text/event-stream in the Accept header, or get a 406.

After: Requests are accepted if they include application/json OR text/event-stream OR */*. Missing Accept header defaults to */*. Only rejects when the client explicitly accepts neither.

Problem

The strict check breaks compatibility with several widely-used MCP clients:

• Gemini CLI — sends only Accept: application/json
• Java MCP SDK — sends only Accept: text/event-stream
• Open WebUI — missing text/event-stream in validation requests
• curl, httpx, fetch — send */* or no Accept header
• Dify MCP plugin — same issue

This is a known pain point across the MCP ecosystem (see linked issues in #1773).

Changes

• packages/mcp/src/streamable-http.ts: Updated Accept header validation to use Postel's Law (be liberal in what you accept)
• packages/mcp/src/streamable-http.test.ts: Updated existing test + added 4 new tests for application/json only, text/event-stream only, */*, and missing Accept header

Test plan

• Existing test updated to match new behavior
• New test: POST with only application/json Accept — accepted
• New test: POST with only text/event-stream Accept — accepted
• New test: POST with */* Accept — accepted
• New test: POST with no Accept header — accepted
• New test: POST with text/plain Accept — rejected with 406

Fixes #1773

[changeset-bot]

🦋 Changeset detected

Latest commit: 9742e5e

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@hono/mcp	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[yusukebe]

@MathurAditya724 Can you also take a look at this?

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.73%. Comparing base (bbf1bdb) to head (605cff7).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1799   +/-   ##
=======================================
  Coverage   91.73%   91.73%           
=======================================
  Files         113      113           
  Lines        3785     3785           
  Branches      957      958    +1     
=======================================
  Hits         3472     3472           
  Misses        281      281           
  Partials       32       32           

Flag	Coverage Δ
mcp	90.52% <100.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.