Commit 25ff1b6

Theodor N. Engøy authored and committed
docs: clarify CORS allowlist intent in demo
1 parent 21c732e commit 25ff1b6

1 file changed

+3
-2
lines changed

examples/server/src/elicitationUrlExample.ts

Lines changed: 3 additions & 2 deletions
@@ -220,8 +220,9 @@ const AUTH_PORT = process.env.MCP_AUTH_PORT ? Number.parseInt(process.env.MCP_AU
220220

221221
const app = createMcpExpressApp();
222222

223-
// CORS: allow only localhost origins (typical for local dev / Inspector direct connect),
224-
// and expose the Mcp-Session-Id header.
223+
// CORS: allow only localhost origins (typical for local dev / Inspector direct connect).
224+
// If you intentionally expose this demo remotely, replace this allowlist with your own.
225+
// Also expose the Mcp-Session-Id header.
225226
app.use(
226227
cors({
227228
origin: [/^http:\/\/localhost(?::\d+)?$/, /^http:\/\/127\.0\.0\.1(?::\d+)?$/, /^http:\/\/\[::1\](?::\d+)?$/],
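
Review bot: The new comment on line 224 tells readers to replace the allowlist when exposing the demo remotely but does not say what a safe replacement looks like, even though line 225 notes that the `Mcp-Session-Id` header is exposed to every origin the list accepts. Consider adding that the replacement should name exact origins (scheme, host and port) rather than a wildcard or an unanchored pattern, for example `// Use exact origins such as https://app.example.com; do not use '*'.` (the host there is a placeholder). It is also worth noting in the comment that the patterns on line 228 are anchored with `^` and `$` and match only `http:`, so anyone adapting them for a remote host should keep the anchors and change the scheme deliberately.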
