From 1c903e2652498cfa0b7ea44363306cec1074cd50 Mon Sep 17 00:00:00 2001 From: Langel Date: Fri, 27 Feb 2026 11:03:26 +0800 Subject: [PATCH] fix: add missing comma in whitelist.py causing /mcp* routes to be unwhitelisted "*.css.map" was missing a trailing comma, causing Python's implicit string literal concatenation to merge it with the next entry into "*.css.map/mcp*". This made the /mcp* whitelist rule never match, so all /mcp/* endpoints (mcp_start, mcp_question, mcp_get_sql, mcp_execute_sql, etc.) were blocked by TokenMiddleware with "Miss Token[X-SQLBOT-TOKEN]" even though they are intended to handle their own authentication internally. --- backend/common/utils/whitelist.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/backend/common/utils/whitelist.py b/backend/common/utils/whitelist.py index be8b556f..bdbea342 100644 --- a/backend/common/utils/whitelist.py +++ b/backend/common/utils/whitelist.py @@ -21,7 +21,7 @@ "*.ttf", "*.eot", "*.otf", - "*.css.map" + "*.css.map", "/mcp*", "/system/license", "/system/config/key", @@ -90,4 +90,4 @@ def add_path(self, path: str) -> None: if "*" in path: self._compile_patterns() -whiteUtils = WhitelistChecker() \ No newline at end of file +whiteUtils = WhitelistChecker()