Allow browser-based MCP clients via CORS and cross-origin bypass#2359
Allow browser-based MCP clients via CORS and cross-origin bypass#2359RossTarrant wants to merge 8 commits intomainfrom
Conversation
There was a problem hiding this comment.
Pull request overview
Adds CORS support and makes the MCP Go SDK’s cross-origin request protection configurable so browser-based MCP clients can reach the HTTP MCP endpoints (addressing the new default 403 behavior after the go-sdk upgrade).
Changes:
- Add
ServerConfig.CrossOriginProtectionand plumb it through tomcp.StreamableHTTPOptions. - Default
RunHTTPServerto bypass cross-origin protection when not explicitly configured. - Add
SetCorsHeadersmiddleware (including OPTIONS preflight handling) and tests for CORS + cross-origin protection behavior.
Show a summary per file
| File | Description |
|---|---|
| pkg/http/server.go | Adds CrossOriginProtection config + defaults local server to bypass SDK cross-origin protection; wires CORS middleware into MCP route group. |
| pkg/http/handler.go | Passes CrossOriginProtection into the SDK handler and introduces CORS middleware implementation. |
| pkg/http/handler_test.go | Adds unit tests for CORS headers and for SDK cross-origin protection allow/deny behavior. |
Copilot's findings
- Files reviewed: 3/3 changed files
- Comments generated: 3
| var corsAllowHeaders = strings.Join([]string{ | ||
| "Content-Type", | ||
| "Mcp-Session-Id", | ||
| "Mcp-Protocol-Version", | ||
| "Last-Event-ID", | ||
| headers.AuthorizationHeader, | ||
| headers.MCPReadOnlyHeader, | ||
| headers.MCPToolsetsHeader, | ||
| headers.MCPToolsHeader, | ||
| headers.MCPExcludeToolsHeader, | ||
| headers.MCPFeaturesHeader, | ||
| headers.MCPLockdownHeader, | ||
| headers.MCPInsidersHeader, |
There was a problem hiding this comment.
I was actually going to say define this inside the SetCorsHeaders (before returning the closure), so it's defined when you create the middleware and then used each time.
Also more importantly, we have a middleware package and this should move there.
There was a problem hiding this comment.
thanks for the feedback, this logic now sits in cors.go and defines the allowed headers inside SetCorsHeaders like you suggested
marknilsn
left a comment
marknilsn
left a comment
There was a problem hiding this comment.
I don’t think “Docs: not needed” is quite right here. This changes the practical exposure model of RunHTTPServer for browser clients, so I’d like a short docs/README note on the default posture and when operators may want stricter CrossOriginProtection behavior before merging.
Thanks for the feedback - you're right this should be documented. I've added a section to docs/streamable-http.md that covers the changes being made |
Summary
Add CORS support and configurable cross-origin protection to allow browser-based MCP clients to connect to the HTTP server.
Why
We recently upgraded the MCP Go SDK from v1.3.1 to v1.5.0, which brought in cross-origin request protection added in v1.4.1. This uses net/http.CrossOriginProtection to reject cross-origin POST requests by default based on the Sec-Fetch-Site header.
Browser-based clients (e.g. MCP Inspector which was used to test this PR) send Sec-Fetch-Site: cross-site and get a 403. Additionally, the HTTP server had no CORS headers, so browsers blocked requests at the preflight stage before even reaching the CSRF check.
Fixes #2342
What changed
MCP impact
Prompts tested (tool changes only)
Security / limits
No security or limits impact
Auth / permissions considered
Data exposure, filtering, or token/size limits considered
CORS uses Access-Control-Allow-Origin: * which is safe because auth is bearer-token-only (not cookie-based)
Cross-origin protection bypass is opt-in via ServerConfig; SDK default (reject) is preserved for library consumers
Tool renaming
deprecated_tool_aliases.goNote: if you're renaming tools, you must add the tool aliases. For more information on how to do so, please refer to the official docs.
Lint & tests
./script/lint./script/testDocs