security: inject X-MCP-Token on all bridge fetch sites #18
Open
D3vCrow wants to merge 1 commit into AnkleBreaker-Studio:main from
Conversation
Companion to the D3vCrow fork of unity-mcp-plugin, which adds an opt-in X-MCP-Token gate on mutating verbs (POST/PUT/DELETE). The plugin writes the shared secret to %APPDATA%/unity-mcp/secret on Windows or $XDG_CONFIG_HOME/unity-mcp/secret on Unix. unity-editor-bridge.js now loads that file once at module init and, when present, injects X-MCP-Token alongside X-Agent-Id on every editor call (submitToQueue, queue status poll, legacy sync POST, getQueueInfo, getTicketStatus, getProjectContext). Missing file → no header, which is the upstream behavior and matches the plugin's EnforceToken=false default. A new authHeaders(extra) helper consolidates the header construction — previously each fetch call site inlined a headers object. Caveat: token is cached at process start. Regenerating the secret in the dashboard requires restarting the MCP server process.
Summary
- Shared secret read from %APPDATA%/unity-mcp/secret (Windows) or $XDG_CONFIG_HOME/unity-mcp/secret (Unix)
- X-MCP-Token injected via new authHeaders() helper on all 6 fetch sites in src/unity-editor-bridge.js (submitToQueue, pollQueueStatus, sendCommandLegacyMode, getQueueInfo, getTicketStatus, getProjectContext)
- Missing file → no header, matching the plugin's EnforceToken=false default

This is the companion change to the D3vCrow fork of unity-mcp-plugin, which adds an opt-in X-MCP-Token gate on mutating verbs (POST/PUT/DELETE). Without a plugin counterpart that enforces the token, this PR is a no-op.

Test plan
- unity_editor_ping via MCP → connected: true, Unity 6000.3.6f1, project UnityToolkit, processId 23304
- curl -X POST -H 'Origin: http://attacker.example.com' ... → 403 {"error":"origin not allowed"}
- curl -X POST -H 'X-MCP-Token: wrong' ... → 403 {"error":"token invalid"}
- claude mcp list shows Connected
- 3c2c67a (thread-safe snapshot) — no 'GetBool can only be called from the main thread' errors

Caveats
- node:fs, node:os, node:path).

Generated with Claude Code