aminghadersohi opened a new pull request, #40469:
URL: https://github.com/apache/superset/pull/40469
### SUMMARY
Re-introduces the browser-friendly hello page from #40309 with a corrected
implementation.
**Root cause of the original failure:** The original PR wired the hello page
to Starlette's `AuthenticationMiddleware.on_error` callback. However,
`BearerAuthBackend.authenticate()` returns `None` for missing/invalid tokens
rather than raising `AuthenticationError`, so `on_error` was never called — the
page was unreachable. Browsers always got a `405 Method Not Allowed` from
FastMCP's router.
**Fix:** Replace the `on_error` approach with a `BrowserHelloMiddleware`
(`BaseHTTPMiddleware`) that intercepts `GET`/`HEAD` requests with a browser
`Accept` header before they reach the router. This is wired in `server.py` for
both the single-pod (`mcp.run()`) and multi-pod (`mcp.http_app()` + uvicorn)
paths.
**Additional improvements:**
- Works regardless of `MCP_AUTH_ENABLED` — previously only triggered when
auth was enabled
- Auth-aware config snippet: omits `Authorization` header when auth is off,
includes it when auth is on
- Config-driven via `MCP_HELLO_PAGE` dict in `superset_config.py` —
deployments can override `title`, `server_key`, `show_transport`, and `clients`
### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
**Before:** `405 Method Not Allowed` for any browser `GET` to `/mcp`
**After:** 200 HTML page with setup instructions. Config snippet adapts to
auth state:
- Auth off: `{"url": "<this-url>", "transport": "streamable-http"}`
- Auth on: includes `"Authorization": "Bearer <your-api-key>"`
### TESTING INSTRUCTIONS
1. Start MCP server: `superset mcp run --port 5008 --debug`
2. Browser visit `http://localhost:5008/mcp` — should show the HTML hello
page
3. `curl -s -H "Accept: text/html,*/*" http://localhost:5008/mcp` — should
return 200 HTML
4. `curl -s -H "Accept: application/json" http://localhost:5008/mcp` —
should return 405 (unaffected)
5. Set `MCP_AUTH_ENABLED = True` in config, restart — config snippet should
include `Authorization` header
6. Set `MCP_HELLO_PAGE = {"title": "My MCP", "server_key": "my-superset"}` —
page should reflect overrides
### ADDITIONAL INFORMATION
- [ ] Has associated issue:
- [ ] Required feature flags:
- [ ] Changes UI
- [ ] Includes DB Migration
- [x] Introduces new feature or API
- [ ] Removes existing feature or API
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
