RemoteServerConfig headers not sent when registering MCP server via extension API - needs VS Code upstream fix

alperen · February 19, 2026, 11:33am

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

When registering a remote MCP server programmatically using the vscode.cursor.mcp.registerServer() API with RemoteServerConfig, the headers field is silently ignored. Headers such as Authorization and custom
headers (e.g. X-API-Key) are never sent to the MCP server.

Root Cause & Upstream Fix:

I believe this issue was caused by an upstream bug in VS Code’s MCP implementation. The identical issue was reported and resolved in VS Code:

microsoft/vscode#245828 (MCP Server Configuration: "headers" field incorrectly flagged as invalid and headers not sent · Issue #245828 · microsoft/vscode · GitHub) — “MCP Server Configuration: ‘headers’ field incorrectly flagged as invalid and headers not sent”

The fix was completed in the April 2025 milestone, verified, and released in VS Code Insiders.

Steps to Reproduce

Register a remote MCP server using the extension API:

  vscode.cursor.mcp.registerServer({
    name: 'my-remote-server',
    server: {
      url: 'https://api.example.com/mcp',
      headers: {
        'Authorization': 'Bearer my-token',
        'X-Custom-Header': 'my-value'
      }
    }
  });

Observe that the MCP server receives no Authorization or custom headers in incoming requests.

Expected Behavior

All headers specified in RemoteServerConfig should be included in requests to the remote MCP server, as documented in the MCP Extension API Reference (MCP Extension API Reference | Cursor Docs).

Operating System

MacOS

Version Information

Version: 2.5.17
VSCode Version: 1.105.1
Commit: 7b98dcb824ea96c9c62362a5e80dbf0d1aae4770
Date: 2026-02-17T05:58:33.110Z
Build Type: Stable
Release Track: Default
Electron: 39.3.0
Chromium: 142.0.7444.265
Node.js: 22.21.1
V8: 14.2.231.22-electron.0
OS: Darwin arm64 25.3.0

Does this stop you from using Cursor

No - Cursor works, but with this issue

deanrie · February 19, 2026, 12:58pm

Hey, thanks for the detailed report and for finding the root cause in VS Code.

A couple quick questions to narrow it down:

Do you see the same issue if you set up the remote MCP server via .cursor/mcp.json with headers, instead of using the extension API? This will help us tell if it’s specific to registerServer() or if it affects the MCP client more broadly.
Did you confirm the headers were missing by checking the actual network traffic, like with a proxy or server logs?

Let me know what you find with the config file test. It’ll help clarify how widespread this is.

alperen · February 19, 2026, 2:34pm

Sure.

No, it works with .cursor/mcp.json
Yes. I tried the same extension code with VS Code itself. It is able to send the headers:
```
DEBUG [6d75e5e6] → POST /mcp
Request Headers:
{
“host”: “127.0.0.1:62603”,
“connection”: “keep-alive”,
“authorization”: “Bearer ….”,
“content-type”: “application/json”,
“accept”: “text/event-stream, application/json”,
“user-agent”: “Visual Studio Code/1.108.2”,
“accept-language”: “*”,
“sec-fetch-mode”: “cors”,
“accept-encoding”: “gzip, deflate”,
“content-length”: “351”
}
```

while Cursor is not:

```
DEBUG [2e3c21ad] → POST /mcp
Request Headers:
{
“host”: “127.0.0.1:63122”,
“connection”: “keep-alive”,
“user-agent”: “Cursor/2.4.28 (darwin arm64)”,
“content-type”: “application/json”,
“accept”: “application/json, text/event-stream”,
“accept-language”: “*”,
“sec-fetch-mode”: “cors”,
“accept-encoding”: “gzip, deflate”,
“content-length”: “217”
}
```

alperen · February 23, 2026, 2:00pm

Hi @deanrie! Is there any plan to fix this? Or is there any timeline for VSCode version upgrade?

alperen · February 27, 2026, 12:25pm

Hey @deanrie, any updates?

deanrie · February 27, 2026, 4:16pm

Hey, sorry for the delay.

Your diagnosis is spot on. This is tied to an upstream VS Code fix that hasn’t been merged into our fork yet. The fact that .cursor/mcp.json works but registerServer() doesn’t confirms the issue is isolated to the extension API path.

The team is aware. There’s no ETA for bringing in the upstream fix, but your report, especially the network log comparison, helps us prioritize it.

For now, the workaround is to use .cursor/mcp.json for remote servers that need headers, as you already confirmed, it works.

I’ll post an update here if we hear more.

alperen · March 4, 2026, 9:21am

@deanrie thank you for your response.

Since headers like Authentication change on every extension run and we want to keep them in memory (without writing to a file), I can’t consider using .cursor/mcp.json as a workaround. That said, I understand, and we’ll wait for the upstream fix from your side.

alperen · March 17, 2026, 8:31am

Hey @deanrie! Pinging to keep the topic open. Please let us know if there is any progress on this.

alperen · April 2, 2026, 1:43pm

Pinging to keep the topic open. Please let us know if there is any progress on this.

Topic		Replies	Views
MCP headers config ignored when server has OAuth discovery Bug Reports mcp	2	48	March 27, 2026
Cursor MCP client probes OAuth even when server signals OAuth unavailable Bug Reports mcp , performance	1	29	March 28, 2026
Remote URL/SSE MCP still broken for agent (~12 months) + workaround Bug Reports mcp	2	60	March 17, 2026
Cursor CLI - Can't use remote MCP Servers or local with auth requirements Bug Reports cli	6	449	November 22, 2025
Cursor fails to fall back from Streamable HTTP to SSE transport for remote MCP servers Bug Reports mcp	3	162	March 13, 2026