MCP headers config ignored when server has OAuth discovery

Hi Dean, glad to hear that you found the report useful. We got the /api/mcp endpoint to work with the Authorization header, but not before uncovering another bug related to overly aggressive OAuth probing which deviates from the OAuth RFC. Here’s that bug: *** Cursor MCP client probes OAuth even when server signals OAuth unavailable***

Have a nice weekend!