diff --git a/package-lock.json b/package-lock.json
index 34ecd5d41b..7a6e772c59 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1376,6 +1376,16 @@ "@types/node": "*" } }, + "node_modules/@types/cors": { + "version": "2.8.19", + "resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.19.tgz", + "integrity": "sha512-mFNylyeyqN93lfe/9CSxOGREz8cpzAhH+E93xJ4xWQf62V8sQ/24reV2nyzUWM6H6Xji+GGHpkbLe7pVoUEskg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, "node_modules/@types/diff": { "version": "5.2.3", "resolved": "https://registry.npmjs.org/@types/diff/-/diff-5.2.3.tgz",
@@ -5819,6 +5829,7 @@ "license": "MIT", "dependencies": { "@modelcontextprotocol/sdk": "^1.18.0", + "cors": "^2.8.5", "express": "^4.21.1", "zod": "^3.23.8", "zod-to-json-schema": "^3.23.5"
@@ -5827,6 +5838,7 @@ "mcp-server-everything": "dist/index.js" }, "devDependencies": { + "@types/cors": "^2.8.19", "@types/express": "^5.0.0", "shx": "^0.3.4", "typescript": "^5.6.2"
diff --git a/src/everything/package.json b/src/everything/package.json
index c0a240de49..e388922d1a 100644
--- a/src/everything/package.json
+++ b/src/everything/package.json
@@ -23,11 +23,13 @@
 },
 "dependencies": {
 "@modelcontextprotocol/sdk": "^1.18.0",
+ "cors": "^2.8.5",
 "express": "^4.21.1",
 "zod": "^3.23.8",
 "zod-to-json-schema": "^3.23.5"
 },
 "devDependencies": {
+ "@types/cors": "^2.8.19",
 "@types/express": "^5.0.0",
 "shx": "^0.3.4",
 "typescript": "^5.6.2"
diff --git a/src/everything/sse.ts b/src/everything/sse.ts
index f201341948..f5b984e9b1 100644
--- a/src/everything/sse.ts
+++ b/src/everything/sse.ts
@@ -1,11 +1,17 @@
 import { SSEServerTransport } from "@modelcontextprotocol/sdk/server/sse.js";
 import express from "express";
 import { createServer } from "./everything.js";
+import cors from 'cors';
 console.error('Starting SSE server...');
 const app = express();
-
+app.use(cors({
+ "origin": "*", // use "*" with caution in production
+ "methods": "GET,POST",
+ "preflightContinue": false,
+ "optionsSuccessStatus": 204,
+})); // Enable CORS for all routes so Inspector can connect
 const transports: Map = new Map();
 app.get("/sse", async (req, res) => {
diff --git a/src/everything/streamableHttp.ts b/src/everything/streamableHttp.ts
index c4fed73803..c5d0eeea65 100644
--- a/src/everything/streamableHttp.ts
+++ b/src/everything/streamableHttp.ts
@@ -3,10 +3,22 @@ import { InMemoryEventStore } from '@modelcontextprotocol/sdk/examples/shared/in
 import express, { Request, Response } from "express";
 import { createServer } from "./everything.js";
 import { randomUUID } from 'node:crypto';
+import cors from 'cors';
 console.error('Starting Streamable HTTP server...');
 const app = express();
+app.use(cors({
+ "origin": "*", // use "*" with caution in production
+ "methods": "GET,POST,DELETE",
+ "preflightContinue": false,
+ "optionsSuccessStatus": 204,
+ "exposedHeaders": [
+ 'mcp-session-id',
+ 'last-event-id',
+ 'mcp-protocol-version'
+ ]
+})); // Enable CORS for all routes so Inspector can connect
 const transports: Map = new Map();
@@ -15,6 +27,7 @@ app.post('/mcp', async (req: Request, res: Response) => { try { // Check for existing session ID const sessionId = req.headers['mcp-session-id'] as string | undefined; + let transport: StreamableHTTPServerTransport; if (sessionId && transports.has(sessionId)) {
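Review bot: `"origin": "*"` in the `app.use(cors({...}))` call added to `src/everything/sse.ts` lets script from any web page open in the user's browser connect to `/sse` and read the responses, so the browser's same-origin policy no longer shields this server; the `src/everything/streamableHttp.ts` hunk repeats the same setting. Since the stated purpose is to let Inspector connect, an allowlist covers it: `"origin": process.env.ALLOWED_ORIGINS?.split(",") ?? "<inspector-origin>",` (the variable name is only a suggestion and the default is a placeholder for the origin Inspector is served from). If the wildcard stays for the demo, the inline comment should state the consequence, for example `// "*" lets any site call this server from a browser; restrict to the Inspector origin outside local demos`. Whether Origin or Host is validated elsewhere in the server is not visible in these hunks.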
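Review bot: In the first `src/everything/streamableHttp.ts` hunk, `exposedHeaders` lists `last-event-id` and `mcp-protocol-version`, which read like headers a client sends rather than ones this server returns; `exposedHeaders` only controls which response headers a browser script may read, so those two entries may have no effect. If the intent is to let browsers send them, that is the `allowedHeaders` option, which `cors` fills by echoing whatever the preflight asks for when it is left unset, as it is here. Pinning it would make the accepted request headers explicit, e.g. `"allowedHeaders": ["content-type", "mcp-session-id", "last-event-id", "mcp-protocol-version"],`, provided Inspector sends nothing else. The response headers actually set by the transport are outside this hunk, so this should be checked against the SDK.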