apply requestInit to SSE GET in StreamableHTTP transport 895 problem

[rajdeepjat]

Apply requestInit to SSE GET in Streamable HTTP client so cookies/credentials are sent consistently. Previously, GET /mcp ignored requestInit causing missing cookies and auth failures.

Motivation and Context
Servers using cookie-based auth failed the SSE GET authentication because the client didn’t forward credentials on the GET request.
Aligns GET /mcp with POST /mcp behavior by reusing user-provided requestInit (e.g., credentials: 'include', mode: 'cors', headers).
How Has This Been Tested?
Manual:
HTTPS-like flow simulated locally; verified:
POST /mcp included Cookie header.
GET /mcp now includes the same Cookie when provided via requestInit.
cURL verification:
POST initialize with Cookie → 200 OK, session ID returned.
GET /mcp with Cookie + Mcp-Session-Id → 200 OK, stream established.
Unit-style check (conceptual):
Mocked fetch captured GET init and confirmed credentials/mode propagated.
Breaking Changes
None. This is additive and makes GET respect existing requestInit. No API changes.
Types of changes
[x] Bug fix (non-breaking change which fixes an issue)
[ ] New feature (non-breaking change which adds functionality)
[ ] Breaking change (fix or feature that would cause existing functionality to change)
[ ] Documentation update
Checklist
[x] I have read the MCP Documentation
[x] My code follows the repository's style guidelines
[x] New and existing tests pass locally
[x] I have added appropriate error handling
[x] I have added or updated documentation as needed
Additional context
For browsers, cross-site cookies require SameSite=None; Secure and CORS with exact Origin plus Access-Control-Allow-Credentials: true.
Node fetch doesn’t manage cookies automatically; callers can pass Cookie via requestInit.headers or use a cookie jar implementation if needed.