Added CORS middleware to allow cross-origin requests

[jerome3o-anthropic]

• Allow any origin to make requests
• Allow GET, POST, and OPTIONS HTTP methods
• Allow any headers
• Allow sending credentials with requests

Also added OPTIONS method to auth routes to handle CORS preflight requests.

Motivation and Context

How Has This Been Tested?

Breaking Changes

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation update

Checklist

• I have read the MCP Documentation
• My code follows the repository's style guidelines
• New and existing tests pass locally
• I have added appropriate error handling
• I have added or updated documentation as needed

Additional context

[Kludex]

This needs to wrap the Starlette application.

Ref.: https://www.starlette.io/middleware/#corsmiddleware-global-enforcement

[Kludex]

The CORSMiddleare needs to wrap the application, not be included in the middleware parameter.

[wanghsinche]

any updates?

[christopherorea]

How can I help to make this a reality?

[christopherorea]

I added the following code, but it requires to connect to Starlett. Not a very clear pathway to many. This works, maybe use some of this code to add the option to pass an option object and integrate when declaring it.

from mcp.server.fastmcp import FastMCP
from starlette.middleware.cors import CORSMiddleware
import random

# Create an MCP server
mcp = FastMCP(
        "Weather Service",
        stateless_http=True,
    )

# Tool implementation
@mcp.tool()
def get_weather(location: str) -> str:
    """Get the current weather for a specified location."""
    return f"Weather in {location}: Sunny, 72°F"


@mcp.tool()
def greet(name: str) -> str:
    """Greet a user by name."""
    return f"Hello, {name}!"


@mcp.tool()
def add_numbers(a: float, b: float) -> float:
    """Add two numbers together."""
    return a + b


jokes = [
    "Why do programmers prefer dark mode? Because light attracts bugs.",
    "How many programmers does it take to change a light bulb? None, it's a hardware problem.",
    "Why was the computer cold? It left its Windows open.",
    "Bugs come in through open Windows."
]

@mcp.tool()
def get_random_joke() -> str:
    """Tell a random programming joke."""
    return random.choice(jokes)


programming_facts = [
    "The first computer programmer was Ada Lovelace.",
    "Python is named after the British comedy group Monty Python.",
    "The first ever computer virus was created in 1971 and was called the 'Creeper' program."
]

@mcp.tool()
def get_programming_fact() -> str:
    """Get a random programming fact."""
    return random.choice(programming_facts)

# Resource implementation
@mcp.resource("weather://{location}")
def weather_resource(location: str) -> str:
    """Provide weather data as a resource."""
    return f"Weather data for {location}: Sunny, 72°F"


# Prompt implementation
@mcp.prompt()
def weather_report(location: str) -> str:
    """Create a weather report prompt."""
    return f"""You are a weather reporter. Weather report for {location}?"""

# Generates the base Starlette/ASGI application
fastmcp_asgi_app = mcp.streamable_http_app() #  IMO: Here should be an option to add cors dict with configuration

# Set up the CORSMiddleware
cors_middleware = CORSMiddleware(
    app=fastmcp_asgi_app, # Wraps the app generated by mcp
    allow_origins=["*"], # Allows any origin. Change '*' to a list of your domains in production.
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
)

# The final app to run is the middleware wrapping the base app
app_with_cors = cors_middleware


# Run the server
if __name__ == "__main__":
    import uvicorn
    # Ejecuta la aplicación envuelta con el middleware
    uvicorn.run(app_with_cors, host="127.0.0.1", port=8000)

[ihrpr]

This looks quite stale, @jerome3o-anthropic closing it