
Epistates/TurboMCP

v3.0.14 Breaking

This release includes 1 breaking change; platform teams planning an upgrade should review it before rolling out.

Published 1mo ago. Category: MCP Developer Tools
✓ No known CVEs patched


Topics

mcp mcp-client mcp-sdk mcp-server mcp-servers rust

Affected surfaces

breaking_upgrade rce_ssrf

Summary

AI summary

Error variant InvalidUriScheme renamed to DangerousUriScheme, breaking API usage.

Full changelog

[3.0.14] - 2026-04-15

Fixed

  • Custom URI schemes now reach registered resource handlers
    • Change: Replaced the hardcoded allowlist (["file", "http", "https", "data", "mcp"]) with a narrow denylist (DANGEROUS_URI_SCHEMES = ["javascript", "vbscript"]).
    • Impact: Custom schemes (e.g., apple-doc://, notion://, slack://) are now correctly dispatched to user-defined handlers instead of being silently rejected.
    • Spec Compliance: Aligns with MCP 2025-11-25 spec (server/resources.mdx), which states: "The protocol defines several standard URI schemes. This list is not exhaustive — implementations are always free to use additional, custom URI schemes."
    • Implementation Details:
      • New function check_uri_scheme_safety in crates/turbomcp-core/src/security.rs (case-insensitive per RFC 3986 §3.1).
      • Updated macro injection in crates/turbomcp-macros/src/server.rs at the read_resource dispatch site.
      • Breaking Change: Error variant InputValidationError::InvalidUriScheme renamed to DangerousUriScheme.
      • Public API: Re-exported DANGEROUS_URI_SCHEMES + check_uri_scheme_safety in turbomcp-core/src/lib.rs (removed ALLOWED_URI_SCHEMES).
    • Security Context:
      • SSRF protection for URIs dereferenced by the SDK remains enforced via turbomcp-proxy's per-deployment scheme config.
      • Icon-URI check in turbomcp-protocol (requiring https: / data:) remains untouched.
    • Testing:
      • Added regression tests in crates/turbomcp-core/src/security.rs for acceptance (weather://, custom+scheme://) and rejection (JavaScript:, VBScript:).
      • Added E2E tests in crates/turbomcp/tests/v3_audit.rs (custom_uri_schemes_reach_registered_handlers, dangerous_uri_schemes_are_still_rejected).
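The scheme check described above can be reconstructed from the changelog's description: parse the scheme per RFC 3986 §3.1, lowercase it, and reject it only if it is on the denylist. The block below is an added example written for this page, not TurboMCP's own code; the names DANGEROUS_URI_SCHEMES and check_uri_scheme_safety are taken from the changelog, while the parse_scheme helper, the UriSchemeError type and the sample URIs are assumptions made here. It also shows the behaviour on inputs the changelog does not list (no scheme, a scheme starting with a digit, leading whitespace), which this implementation treats as malformed rather than passing them through.

```rust
// Added example (not TurboMCP's code): RFC 3986 §3.1 scheme parsing with a
// case-insensitive denylist. DANGEROUS_URI_SCHEMES and check_uri_scheme_safety
// are the names from the changelog; everything else here is assumed.

/// Schemes rejected regardless of letter case, as listed in the changelog.
pub const DANGEROUS_URI_SCHEMES: &[&str] = &["javascript", "vbscript"];

#[derive(Debug, PartialEq, Eq)]
pub enum UriSchemeError {
    /// No scheme present, or the scheme violates RFC 3986 §3.1 syntax.
    MalformedScheme,
    /// The scheme is denylisted; carries the lowercased scheme for logging.
    DangerousUriScheme(String),
}

/// Extract the scheme per RFC 3986 §3.1:
/// scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ), terminated by ':'.
/// Returns None when the text before the first ':' is not a valid scheme.
pub fn parse_scheme(uri: &str) -> Option<&str> {
    let colon = uri.find(':')?;
    let scheme = &uri[..colon];
    let mut chars = scheme.chars();
    let first = chars.next()?;
    if !first.is_ascii_alphabetic() {
        return None;
    }
    if chars.all(|c| c.is_ascii_alphanumeric() || matches!(c, '+' | '-' | '.')) {
        Some(scheme)
    } else {
        None
    }
}

/// Deny only the listed schemes, comparing case-insensitively so that
/// "JavaScript:" and "VBSCRIPT:" are caught exactly like their lowercase forms.
/// Any other syntactically valid scheme (weather://, custom+scheme://, ...)
/// is returned so the caller can dispatch it to a registered handler.
pub fn check_uri_scheme_safety(uri: &str) -> Result<&str, UriSchemeError> {
    let scheme = parse_scheme(uri).ok_or(UriSchemeError::MalformedScheme)?;
    let lowered = scheme.to_ascii_lowercase();
    if DANGEROUS_URI_SCHEMES.contains(&lowered.as_str()) {
        return Err(UriSchemeError::DangerousUriScheme(lowered));
    }
    Ok(scheme)
}

fn main() {
    // Constructed sample URIs: the changelog's acceptance and rejection cases
    // plus a few malformed inputs that this parser refuses outright.
    let samples = [
        "weather://seattle/today",
        "custom+scheme://thing",
        "apple-doc://foundation/NSString",
        "JavaScript:void(0)",
        "VBScript:MsgBox",
        " javascript:x", // leading space: not a valid scheme, so malformed
        "1abc:x",        // scheme must start with ALPHA
        "no-scheme-here",
    ];
    for uri in samples {
        println!("{uri:?} -> {:?}", check_uri_scheme_safety(uri));
    }
}
```

Note that this gate only decides which schemes reach a handler; as the Security Context above states, whether the SDK actually dereferences a URI (the SSRF concern) is governed separately by turbomcp-proxy's per-deployment scheme config, so a scheme such as file: passing this check does not by itself mean it will be fetched.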

Full Changelog: https://github.com/Epistates/turbomcp/compare/v3.0.13...v3.0.14

Breaking Changes

  • Error variant `InputValidationError::InvalidUriScheme` renamed to `DangerousUriScheme`.


About Epistates/TurboMCP

TurboMCP SDK: Enterprise MCP SDK in Rust
