Added CORS middleware to allow cross-origin requests#371
Closed
jerome3o-anthropic wants to merge 61 commits into
Closed
Added CORS middleware to allow cross-origin requests#371jerome3o-anthropic wants to merge 61 commits into
jerome3o-anthropic wants to merge 61 commits into
Conversation
…s can use this in their tests
- Allow any origin to make requests - Allow GET, POST, and OPTIONS HTTP methods - Allow any headers - Allow sending credentials with requests Also added OPTIONS method to auth routes to handle CORS preflight requests.
Member
|
This needs to wrap the Starlette application. Ref.: https://www.starlette.io/middleware/#corsmiddleware-global-enforcement |
Kludex
requested changes
Apr 10, 2025
Comment on lines
+563
to
+572
| middleware = [ | ||
| # Add CORS middleware to allow cross-origin requests | ||
| Middleware( | ||
| CORSMiddleware, | ||
| allow_origins=["*"], # Allow any origin | ||
| allow_methods=["GET", "POST", "OPTIONS"], | ||
| allow_headers=["*"], | ||
| allow_credentials=True, | ||
| ), |
Member
There was a problem hiding this comment.
The CORSMiddleare needs to wrap the application, not be included in the middleware parameter.
|
any updates? |
|
How can I help to make this a reality? |
|
I added the following code, but it requires to connect to Starlett. Not a very clear pathway to many. This works, maybe use some of this code to add the option to pass an option object and integrate when declaring it. from mcp.server.fastmcp import FastMCP
from starlette.middleware.cors import CORSMiddleware
import random
# Create an MCP server
mcp = FastMCP(
"Weather Service",
stateless_http=True,
)
# Tool implementation
@mcp.tool()
def get_weather(location: str) -> str:
"""Get the current weather for a specified location."""
return f"Weather in {location}: Sunny, 72°F"
@mcp.tool()
def greet(name: str) -> str:
"""Greet a user by name."""
return f"Hello, {name}!"
@mcp.tool()
def add_numbers(a: float, b: float) -> float:
"""Add two numbers together."""
return a + b
jokes = [
"Why do programmers prefer dark mode? Because light attracts bugs.",
"How many programmers does it take to change a light bulb? None, it's a hardware problem.",
"Why was the computer cold? It left its Windows open.",
"Bugs come in through open Windows."
]
@mcp.tool()
def get_random_joke() -> str:
"""Tell a random programming joke."""
return random.choice(jokes)
programming_facts = [
"The first computer programmer was Ada Lovelace.",
"Python is named after the British comedy group Monty Python.",
"The first ever computer virus was created in 1971 and was called the 'Creeper' program."
]
@mcp.tool()
def get_programming_fact() -> str:
"""Get a random programming fact."""
return random.choice(programming_facts)
# Resource implementation
@mcp.resource("weather://{location}")
def weather_resource(location: str) -> str:
"""Provide weather data as a resource."""
return f"Weather data for {location}: Sunny, 72°F"
# Prompt implementation
@mcp.prompt()
def weather_report(location: str) -> str:
"""Create a weather report prompt."""
return f"""You are a weather reporter. Weather report for {location}?"""
# Generates the base Starlette/ASGI application
fastmcp_asgi_app = mcp.streamable_http_app() # IMO: Here should be an option to add cors dict with configuration
# Set up the CORSMiddleware
cors_middleware = CORSMiddleware(
app=fastmcp_asgi_app, # Wraps the app generated by mcp
allow_origins=["*"], # Allows any origin. Change '*' to a list of your domains in production.
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"],
)
# The final app to run is the middleware wrapping the base app
app_with_cors = cors_middleware
# Run the server
if __name__ == "__main__":
import uvicorn
# Ejecuta la aplicación envuelta con el middleware
uvicorn.run(app_with_cors, host="127.0.0.1", port=8000) |
Contributor
|
This looks quite stale, @jerome3o-anthropic closing it |
Kludex
added a commit
that referenced
this pull request
Jun 26, 2026
The conformance handler now replays the harness-supplied toolCalls verbatim (including the null and Base64-edge-case values) instead of synthesizing arguments from the schema, so every per-parameter check is exercised: the null-omission and Base64-unsafe checks now fire correctly. Pins CONFORMANCE_PKG to the pkg.pr.new preview of conformance#371, which fixes the fixture's spec-forbidden number-typed x-mcp-header annotations, and removes http-custom-headers from both expected-failures baselines (it now passes 18/18 on both the default and 2026-07-28 legs). Repin to the published release once #371 ships.
9 tasks
maxisbey
added a commit
that referenced
this pull request
Jun 26, 2026
conformance#371 has merged. Switch the pkg.pr.new pin from the PR-branch commit (ed314a73) to the merge commit on main (b18aa918) — same tarball bytes (SHA256 unchanged), but durable against PR-branch deletion. No published @modelcontextprotocol/conformance release includes #371 yet (latest is 0.2.0-alpha.7, cut before the merge), so the pkg.pr.new + SHA256 verify machinery stays for now.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Also added OPTIONS method to auth routes to handle CORS preflight requests.
Motivation and Context
How Has This Been Tested?
Breaking Changes
Types of changes
Checklist
Additional context