fix(mcp): set http server timeouts to close pre-auth slowloris hole (#214)

radimsem · claude · web-flow · commit 53c485115d11 · 2026-05-28T09:09:05.000+02:00
## Summary - Adds `ReadHeaderTimeout` (10s), `ReadTimeout` (60s), `IdleTimeout` (120s), and `MaxHeaderBytes` (1 MiB) to the MCP HTTP server, sourced from named constants in the existing `const(...)` block alongside `httpShutdownTimeout`. - Leaves `WriteTimeout` at its zero value (intentional, commented): the streamable HTTP transport keeps responses open for long-running POSTs and SSE GETs; a server-wide cap would truncate them. Slow-read defense belongs in the streaming handler's per-write deadlines. - Adds `TestRunHttp_ReadHeaderTimeout_ClosesSlowClient` — opens a TCP conn, writes a partial request line, asserts the server closes the connection within `ReadHeaderTimeout + 3s` and rejects false positives where the client-side read deadline (set well beyond the server's window) fires first. Closes #205. ## Test plan - [x] `make build` clean - [x] `make test` green (38 packages; `pkg/mcp` 10.7s incl. new Slowloris regression test) - [x] `gofmt -l pkg/mcp/` empty - [x] `go vet ./...` clean - [x] Codex review converged at pass 3 (caught the `WriteTimeout` streaming-truncation issue + the test client-deadline false-positive — both fixed before merge) - [x] `go-style-reviewer` subagent: zero findings against `.claude/rules/go-concise.md` 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
diff --git a/pkg/mcp/http.go b/pkg/mcp/http.go
@@ -14,9 +14,13 @@ import (
 )
 
 const (
-	httpShutdownTimeout = 5 * time.Second
-	bearerPrefix        = "Bearer "
-	bearerRealm         = `Bearer realm="remindb"`
+	httpReadHeaderTimeout = 10 * time.Second
+	httpReadTimeout       = 60 * time.Second
+	httpIdleTimeout       = 120 * time.Second
+	httpMaxHeaderBytes    = 1 << 20 // 1 MiB
+	httpShutdownTimeout   = 5 * time.Second
+	bearerPrefix          = "Bearer "
+	bearerRealm           = `Bearer realm="remindb"`
 )
 
 func (s *Server) runHttp(ctx context.Context) error {
@@ -48,7 +52,17 @@ func (s *Server) runHttp(ctx context.Context) error {
 	if s.authToken != "" {
 		handler = bearerAuthMiddleware(s.authToken, handler)
 	}
-	httpSrv := &http.Server{Handler: handler}
+	// WriteTimeout is intentionally left at the zero value: streamable HTTP
+	// keeps responses open for long-running POSTs and SSE GETs, and a
+	// server-wide cap would truncate them. Slow-read defense is left to the
+	// streaming handler's own per-write deadlines.
+	httpSrv := &http.Server{
+		Handler:           handler,
+		ReadHeaderTimeout: httpReadHeaderTimeout,
+		ReadTimeout:       httpReadTimeout,
+		IdleTimeout:       httpIdleTimeout,
+		MaxHeaderBytes:    httpMaxHeaderBytes,
+	}
 
 	s.logger.Info("serve: HTTP transport ready", "listen", addr, "auth", s.authToken != "")
 
diff --git a/pkg/mcp/http_test.go b/pkg/mcp/http_test.go
@@ -3,6 +3,7 @@ package mcp
 import (
 	"bytes"
 	"context"
+	"errors"
 	"log/slog"
 	"net"
 	"net/http"
@@ -204,6 +205,65 @@ func TestRunHttp_WithAuthToken_EndToEnd(t *testing.T) {
 	}
 }
 
+func TestRunHttp_ReadHeaderTimeout_ClosesSlowClient(t *testing.T) {
+	if testing.Short() {
+		t.Skipf("skipping Slowloris regression in -short mode (waits ~%s)", httpReadHeaderTimeout)
+	}
+
+	ln, err := net.Listen("tcp", "127.0.0.1:0")
+	if err != nil {
+		t.Fatalf("listen: %v", err)
+	}
+	addr := ln.Addr().String()
+
+	srv := newHttpTestServer(t, ln)
+
+	ctx, cancel := context.WithCancel(context.Background())
+	done := make(chan error, 1)
+	go func() { done <- srv.Run(ctx) }()
+	t.Cleanup(func() {
+		cancel()
+		<-done
+	})
+
+	time.Sleep(50 * time.Millisecond)
+
+	conn, err := net.DialTimeout("tcp", addr, time.Second)
+	if err != nil {
+		t.Fatalf("dial: %v", err)
+	}
+	defer func() { _ = conn.Close() }()
+
+	if _, err := conn.Write([]byte("GET / HTTP/1.1\r\n")); err != nil {
+		t.Fatalf("write partial: %v", err)
+	}
+
+	// Client deadline is intentionally much larger than the server's
+	// ReadHeaderTimeout. If the client deadline fires first, the server
+	// did not enforce its timeout and the test must fail — not pass on
+	// the client-side timeout it accidentally observed.
+	clientDeadline := httpReadHeaderTimeout + 10*time.Second
+	if err := conn.SetReadDeadline(time.Now().Add(clientDeadline)); err != nil {
+		t.Fatalf("set deadline: %v", err)
+	}
+
+	buf := make([]byte, 256)
+	start := time.Now()
+	_, readErr := conn.Read(buf)
+	elapsed := time.Since(start)
+
+	var netErr net.Error
+	if errors.As(readErr, &netErr) && netErr.Timeout() {
+		t.Fatalf("client deadline fired after %v before server closed — server did not enforce ReadHeaderTimeout", elapsed)
+	}
+	if readErr == nil {
+		t.Fatalf("read returned nil err after %v — server did not enforce ReadHeaderTimeout", elapsed)
+	}
+	if elapsed > httpReadHeaderTimeout+3*time.Second {
+		t.Errorf("server closed after %v, want within %v", elapsed, httpReadHeaderTimeout+3*time.Second)
+	}
+}
+
 func TestRunHttp_NonLoopbackInsecurePublic_LogsWarn(t *testing.T) {
 	ln, err := net.Listen("tcp", "0.0.0.0:0")
 	if err != nil {
