starred/servers-modelcontextprotocol
1
0
Fork 0
mirror of https://github.com/modelcontextprotocol/servers.git synced 2026-04-18 08:03:26 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
2279192a58e6b111101cc2bf6e7f0ddbdb934dab
servers-modelcontextprotocol/src/everything/sse.ts
Cliff Hall f8c05004d0 Open CORS for any origin to allow direct browser connection (#2725) 
* * In src/everything/sse.ts
  - import cors
  - use cors with config allowing any origin + GET/POST
* In src/everything/streamableHttp.ts
  - import cors
    - use cors with config allowing any origin + GET/POST/DELETE, and exposed protocol headers for client to read
* In package.json and package-lock.json
  - add cors as a dependency

* * In package.json and package-lock.json
  - add @types/cors as dev dependency

* Add caution note for CORS origin wildcard usage

Added caution note for using '*' in CORS origin.

* * In streamableHttp.ts
  - remove remove unintentional console log

* * In streamableHttp.ts
  - add comment about why opening cors for all routes

* * In sse.ts
  - add comment about using * with caution in production for cors

* * In sse.ts
  - indent on cors config

---------

Co-authored-by: shaun smith <1936278+evalstate@users.noreply.github.com>
2025-09-19 01:28:41 +01:00

63 lines
2.1 KiB
TypeScript
Raw Blame History

import { SSEServerTransport } from "@modelcontextprotocol/sdk/server/sse.js";
import express from "express";
import { createServer } from "./everything.js";
import cors from 'cors';
console.error('Starting SSE server...');
const app = express();
app.use(cors({
"origin": "*", // use "*" with caution in production
"methods": "GET,POST",
"preflightContinue": false,
"optionsSuccessStatus": 204,
})); // Enable CORS for all routes so Inspector can connect
const transports: Map<string, SSEServerTransport> = new Map<string, SSEServerTransport>();
app.get("/sse", async (req, res) => {
let transport: SSEServerTransport;
const { server, cleanup, startNotificationIntervals } = createServer();
if (req?.query?.sessionId) {
const sessionId = (req?.query?.sessionId as string);
transport = transports.get(sessionId) as SSEServerTransport;
console.error("Client Reconnecting? This shouldn't happen; when client has a sessionId, GET /sse should not be called again.", transport.sessionId);
} else {
// Create and store transport for new session
transport = new SSEServerTransport("/message", res);
transports.set(transport.sessionId, transport);
// Connect server to transport
await server.connect(transport);
console.error("Client Connected: ", transport.sessionId);
// Start notification intervals after client connects
startNotificationIntervals(transport.sessionId);
// Handle close of connection
server.onclose = async () => {
console.error("Client Disconnected: ", transport.sessionId);
transports.delete(transport.sessionId);
await cleanup();
};
}
});
app.post("/message", async (req, res) => {
const sessionId = (req?.query?.sessionId as string);
const transport = transports.get(sessionId);
if (transport) {
console.error("Client Message from", sessionId);
await transport.handlePostMessage(req, res);
} else {
console.error(`No transport found for sessionId ${sessionId}`)
}
});
const PORT = process.env.PORT || 3001;
app.listen(PORT, () => {
console.error(`Server is running on port ${PORT}`);
});
Reference in New Issue View Git Blame Copy Permalink