Add User-Agent header to fix Cloudflare 403 on GitLab.com

[Copilot]

Cloudflare blocks requests without User-Agent headers. The MCP server uses node-fetch which doesn't set this header by default, causing 403 errors when accessing GitLab.com.

Changes

• Added User-Agent: gitlab-mcp-server/${version} (node-fetch) to BASE_HEADERS
• Added test to verify User-Agent header presence

Example

Before:

const BASE_HEADERS: Record<string, string> = {
  Accept: "application/json",
  "Content-Type": "application/json",
};

After:

const BASE_HEADERS: Record<string, string> = {
  Accept: "application/json",
  "Content-Type": "application/json",
  "User-Agent": `gitlab-mcp-server/${SERVER_VERSION} (node-fetch)`,
};

All HTTP requests to GitLab APIs now include this header, making them pass Cloudflare's bot detection.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>403 Forbidden due to Cloudflare when using MCP server on GitLab.com</issue_title>
<issue_description>Hi,

I’m using GitHub Copilot in PhpStorm with gitlab-mcp to access GitLab.com. While direct curl requests with my Personal Access Token work fine, the MCP server returns 403 Forbidden with a Cloudflare “Just a moment… Enable JavaScript and cookies to continue” page when trying to fetch merge requests.

Interestingly, using the official GitLab MCP server does not produce this issue.

Is this a known limitation of gitlab-mcp with Cloudflare-protected GitLab instances, or is it something specific to my setup?

Thanks for any guidance!</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes 403 Forbidden due to Cloudflare when using MCP server on GitLab.com #287

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.