RemoteServerConfig headers not sent when registering MCP server via extension API - needs VS Code upstream fix

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

When registering a remote MCP server programmatically using the vscode.cursor.mcp.registerServer() API with RemoteServerConfig, the headers field is silently ignored. Headers such as Authorization and custom
headers (e.g. X-API-Key) are never sent to the MCP server.

Root Cause & Upstream Fix:

I believe this issue was caused by an upstream bug in VS Code’s MCP implementation. The identical issue was reported and resolved in VS Code:

• microsoft/vscode#245828 (MCP Server Configuration: "headers" field incorrectly flagged as invalid and headers not sent · Issue #245828 · microsoft/vscode · GitHub) — “MCP Server Configuration: ‘headers’ field incorrectly flagged as invalid and headers not sent”

The fix was completed in the April 2025 milestone, verified, and released in VS Code Insiders.

Steps to Reproduce

1. Register a remote MCP server using the extension API:

  vscode.cursor.mcp.registerServer({
    name: 'my-remote-server',
    server: {
      url: 'https://api.example.com/mcp',
      headers: {
        'Authorization': 'Bearer my-token',
        'X-Custom-Header': 'my-value'
      }
    }
  });

2. Observe that the MCP server receives no Authorization or custom headers in incoming requests.

Expected Behavior

All headers specified in RemoteServerConfig should be included in requests to the remote MCP server, as documented in the MCP Extension API Reference (MCP Extension API Reference | Cursor Docs).

Operating System

MacOS

Version Information

Version: 2.5.17
VSCode Version: 1.105.1
Commit: 7b98dcb824ea96c9c62362a5e80dbf0d1aae4770
Date: 2026-02-17T05:58:33.110Z
Build Type: Stable
Release Track: Default
Electron: 39.3.0
Chromium: 142.0.7444.265
Node.js: 22.21.1
V8: 14.2.231.22-electron.0
OS: Darwin arm64 25.3.0

Does this stop you from using Cursor

No - Cursor works, but with this issue

Hey, thanks for the detailed report and for finding the root cause in VS Code.

A couple quick questions to narrow it down:

1. Do you see the same issue if you set up the remote MCP server via .cursor/mcp.json with headers, instead of using the extension API? This will help us tell if it’s specific to registerServer() or if it affects the MCP client more broadly.
2. Did you confirm the headers were missing by checking the actual network traffic, like with a proxy or server logs?

Let me know what you find with the config file test. It’ll help clarify how widespread this is.

Sure.

1. No, it works with .cursor/mcp.json

2. Yes. I tried the same extension code with VS Code itself. It is able to send the headers:
   ```
   DEBUG [6d75e5e6] → POST /mcp
   Request Headers:
   {
   “host”: “127.0.0.1:62603”,
   “connection”: “keep-alive”,
   “authorization”: “Bearer ….”,
   “content-type”: “application/json”,
   “accept”: “text/event-stream, application/json”,
   “user-agent”: “Visual Studio Code/1.108.2”,
   “accept-language”: “*”,
   “sec-fetch-mode”: “cors”,
   “accept-encoding”: “gzip, deflate”,
   “content-length”: “351”
   }
   ```

   while Cursor is not:

   ```
   DEBUG [2e3c21ad] → POST /mcp
   Request Headers:
   {
   “host”: “127.0.0.1:63122”,
   “connection”: “keep-alive”,
   “user-agent”: “Cursor/2.4.28 (darwin arm64)”,
   “content-type”: “application/json”,
   “accept”: “application/json, text/event-stream”,
   “accept-language”: “*”,
   “sec-fetch-mode”: “cors”,
   “accept-encoding”: “gzip, deflate”,
   “content-length”: “217”
   }
   ```

Hi @deanrie! Is there any plan to fix this? Or is there any timeline for VSCode version upgrade?

Hey @deanrie, any updates?

Hey, sorry for the delay.

Your diagnosis is spot on. This is tied to an upstream VS Code fix that hasn’t been merged into our fork yet. The fact that .cursor/mcp.json works but registerServer() doesn’t confirms the issue is isolated to the extension API path.

The team is aware. There’s no ETA for bringing in the upstream fix, but your report, especially the network log comparison, helps us prioritize it.

For now, the workaround is to use .cursor/mcp.json for remote servers that need headers, as you already confirmed, it works.

I’ll post an update here if we hear more.

@deanrie thank you for your response.

Since headers like Authentication change on every extension run and we want to keep them in memory (without writing to a file), I can’t consider using .cursor/mcp.json as a workaround. That said, I understand, and we’ll wait for the upstream fix from your side.

Hey @deanrie! Pinging to keep the topic open. Please let us know if there is any progress on this.

Pinging to keep the topic open. Please let us know if there is any progress on this.

Workaround if you have control over the MCP server (to update auth logic): Pass headers as params like ?key=<value> in the URL instead of headers

Hello, also interested in this

Hey, thanks for keeping an eye on this.

Nothing has changed yet. The bug is logged and the team is aware. The upstream fix in VS Code has been available for a while, but it still hasn’t been merged into our fork. Sadly, I can’t share an ETA.

@alperen, I see your workaround using request params. That works if you control the server. If you don’t, .cursor/mcp.json is still the only option, but it has limits with dynamic tokens.

@realark, for now it’s still the same two options:

• .cursor/mcp.json with headers, works but tokens are static
• Request params in the URL, if you control the MCP server

I’ll update the thread when there’s news.