mirror of
https://github.com/modelcontextprotocol/servers.git
synced 2026-04-18 00:54:03 +02:00
Open CORS for any origin to allow direct browser connection (#2725)
* * In src/everything/sse.ts
- import cors
- use cors with config allowing any origin + GET/POST
* In src/everything/streamableHttp.ts
- import cors
- use cors with config allowing any origin + GET/POST/DELETE, and exposed protocol headers for client to read
* In package.json and package-lock.json
- add cors as a dependency
* * In package.json and package-lock.json
- add @types/cors as dev dependency
* Add caution note for CORS origin wildcard usage
Added caution note for using '*' in CORS origin.
* * In streamableHttp.ts
- remove remove unintentional console log
* * In streamableHttp.ts
- add comment about why opening cors for all routes
* * In sse.ts
- add comment about using * with caution in production for cors
* * In sse.ts
- indent on cors config
---------
Co-authored-by: shaun smith <1936278+evalstate@users.noreply.github.com>
This commit is contained in:
Cliff Hall
GitHub
@@ -23,11 +23,13 @@
|
||||
},
|
||||
"dependencies": {
|
||||
"@modelcontextprotocol/sdk": "^1.18.0",
|
||||
"cors": "^2.8.5",
|
||||
"express": "^4.21.1",
|
||||
"zod": "^3.23.8",
|
||||
"zod-to-json-schema": "^3.23.5"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@types/cors": "^2.8.19",
|
||||
"@types/express": "^5.0.0",
|
||||
"shx": "^0.3.4",
|
||||
"typescript": "^5.6.2"
|
||||
|
||||
Reference in New Issue
Block a user