Cursor_agent is ignoring mcp authentication headers form the mcp.json file

Chris_Drake · September 13, 2025, 7:17am

Where does the bug appear (feature/product)?

Cursor CLI

Describe the Bug

This in the CLI:-

$ cursor-agent mcp list
Failed to list MCP servers: fetch failed

Shows this in my logs:-

2025-09-13 17:09:48.526 [PID:7232|TID:37800] SSE Message to ('127.0.0.1', 60199) > : ping - 2025-09-13T17:09:48.526619+00:00\r\n\r\n 
2025-09-13 17:09:52.635 [PID:7232|TID:42852] SSE Message to ('127.0.0.1', 60182) > : ping - 2025-09-13T17:09:52.635681+00:00\r\n\r\n 
2025-09-13 17:10:00.960 [PID:7232|TID:42616] Connect from ('127.0.0.1', 60297) 
2025-09-13 17:10:00.961 [PID:7232|TID:38780] Request from ('127.0.0.1', 60297) < {'Method': 'POST', 'Path': '/sse', 'Headers': {'host': '127-0-0-1.local.aurafriday.com:31173', 'connection': 'keep-alive', 'content-type': 'application/json', 'accept': 'application/json, text/event-stream', 'accept-language': '*', 'sec-fetch-mode': 'cors', 'user-agent': 'node', 'accept-encoding': 'b
r, gzip, deflate', 'content-length': '155'}, 'Body length': 155} Body: {"method":"initialize","params":{"protocolVersion":"2025-06-18","capabilities":{},"clientInfo":{"name":"Cursor","version":"1.0.0"}},"jsonrpc":"2.0","id":0}
2025-09-13 17:10:00.962 [PID:7232|TID:38780] Auth No valid authentication provided (Basic, Bearer, or URL parameters) from IP: 127.0.0.1
2025-09-13 17:10:00.962 [PID:7232|TID:38780] RESPonse  to ('127.0.0.1', 60297) > b'HTTP/1.1 401 Unauthorized\r\nContent-Type: text/plain\r\nContent-Length: 13\r\nConnection: close\r\nAccess-Control-Allow-Origin: null\r\nAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, PATCH, OPTIONS\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Contro
l-Max-Age: 86400\r\nWWW-Authenticate: Basic realm="RagTag Memory System"\r\nContent-Type: text/plain; charset=utf-8\r\nCache-Control: no-store\r\nContent-Length: 13\r\n\r\nAccess Denied'
2025-09-13 17:10:00.967 [PID:7232|TID:38780] Session Initiated graceful socket shutdown (FIN sent)
2025-09-13 17:10:00.967 [PID:7232|TID:38780] Session Client socket closed

With this setting (not my real API key shown below) which works fine in the cursor IDE:

{
  "mcpServers": {
    "ragtag_sse": {
      "url": "https://127-0-0-1.local.aurafriday.com:31173/sse",
      "headers": {
        "Authorization": "Bearer 11111111-1111-4111-1111-1111111111111",
        "Content-Type": "application/json"
      }
    }
  }
}

Steps to Reproduce

description says all you need

Expected Behavior

should honour mcp settings same as the IDE does

Operating System

Linux

Current Cursor Version (Menu → About Cursor → Copy)

cursor-agent/versions/2025.09.12-4852336

Does this stop you from using Cursor

No - Cursor works, but with this issue

system · October 5, 2025, 7:18am

This topic was automatically closed 22 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Cursor configuration MCP Server error Bug Reports	2	789	June 24, 2025
Cursor CLI - Can't use remote MCP Servers or local with auth requirements Bug Reports	2	86	September 30, 2025
Cursor MCP requests do not honour API-key provision to sse (only stdio works) Bug Reports	10	813	June 21, 2025
API key for SSE MCP servers Feature Requests	31	3950	July 22, 2025
Cursor cannot pass auth identity to agent for MCP calls Bug Reports	1	199	June 7, 2025