SSE client doesn't include requestInit config in GET text/eventstream to start SSE/auth #895

@DW8Reaper

Describe the bug

When using SSE and connecting to a server that uses cookies for credentials, I configured the requestInit option in the StreamableHTTPClientTransport constructor to include credentials:

 new StreamableHTTPClientTransport(new URL(config.url), {
      requestInit: { credentials: 'include', mode: 'cors' },
 ...

When it connects to the SSE server, the following requests happen:

  • POST /mcp (cookies are included)
  • POST /mcp (cookies are included)
  • GET /mcp (cookies are NOT included)

The last GET request then fails our auth check because it does not include credentials.

To Reproduce

  1. Connect to an HTTPS SSE server that requires auth cookies (make the cookies SameSite=Lax, Secure, HttpOnly)
  2. The server must be on a domain other than localhost
  3. During the connection you will notice the GET request with header Accept: "text/eventstream" does not include cookies

Expected behavior
The same requestInit parameters/options must always be used on all requests.

Additional context

The _startOrAuthSSE function does not include the requestInit structure when calling fetch:

const response = await (this._fetch ?? fetch)(this._url, {
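
A way to model and test for the reported behaviour, as an added example that is not part of the original issue or the SDK: `ModelTransport`, `withRequestInit` and `recordingFetch` are hypothetical names and the URL is a placeholder. It assumes the transport lets the caller supply its own fetch, as the `this._fetch ?? fetch` line above suggests.

```javascript
// Hypothetical helper (added example, not SDK code): wrap a fetch so the
// caller's requestInit defaults reach every request. Per-call options win;
// headers are merged rather than replaced.
function withRequestInit(baseFetch, requestInit) {
  return (url, init = {}) => {
    const headers = new Headers(requestInit.headers);
    new Headers(init.headers).forEach((value, name) => headers.set(name, value));
    return baseFetch(url, { ...requestInit, ...init, headers });
  };
}

// Constructed stand-in for the network: records the options of each request.
function recordingFetch(log) {
  return (url, init = {}) => {
    log.push({ method: init.method ?? 'GET', credentials: init.credentials ?? 'same-origin' });
    return Promise.resolve({ ok: true, status: 200 });
  };
}

// Model of the reported pattern: POST spreads requestInit, the SSE GET does not.
class ModelTransport {
  constructor(url, { requestInit = {}, fetch: fetchImpl } = {}) {
    this._url = url;
    this._requestInit = requestInit;
    this._fetch = fetchImpl;
  }
  send(message) {
    return (this._fetch ?? fetch)(this._url, {
      ...this._requestInit, method: 'POST', body: JSON.stringify(message),
    });
  }
  startSse() {
    return (this._fetch ?? fetch)(this._url, {
      method: 'GET', headers: { Accept: 'text/event-stream' },
    });
  }
}

// Returns the methods of requests that went out without credentials: 'include'.
function requestsMissingCredentials(useWrapper) {
  const log = [];
  const requestInit = { credentials: 'include', mode: 'cors' };
  const base = recordingFetch(log);
  const transport = new ModelTransport(new URL('https://mcp.example.test/mcp'), {
    requestInit, fetch: useWrapper ? withRequestInit(base, requestInit) : base,
  });
  transport.send({ jsonrpc: '2.0', id: 1, method: 'initialize' });
  transport.startSse();
  return log.filter((r) => r.credentials !== 'include').map((r) => r.method);
}
```

The same recording fetch works as a regression check: the list of requests missing `credentials: 'include'` should be empty once every code path applies `requestInit`.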

Labels: bug (Something isn't working)
