
Allow browser-based MCP clients via CORS and cross-origin bypass#2359

Draft
RossTarrant wants to merge 1 commit into main from rosstarrant/allow-browser-mcp-clients

Conversation

@RossTarrant

Summary

Add CORS support and configurable cross-origin protection to allow browser-based MCP clients to connect to the HTTP server.

Why

We recently upgraded the MCP Go SDK from v1.3.1 to v1.5.0, which brought in cross-origin request protection added in v1.4.1. This uses net/http.CrossOriginProtection to reject cross-origin POST requests by default based on the Sec-Fetch-Site header.

Browser-based clients (e.g. MCP Inspector, which was used to test this PR) send Sec-Fetch-Site: cross-site and get a 403. Additionally, the HTTP server had no CORS headers, so browsers blocked requests at the preflight stage before even reaching the CSRF check.

Fixes #2342

What changed

  • Added CrossOriginProtection field to ServerConfig so consumers can configure the SDK's cross-origin behavior
  • RunHTTPServer defaults to bypassing cross-origin protection for the local HTTP server
  • Passes the configured CrossOriginProtection through to the SDK's StreamableHTTPOptions
  • Added SetCorsHeaders middleware handling preflight OPTIONS and setting Access-Control-* headers
  • Wired SetCorsHeaders into the MCP route group
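The following is an added illustration of the two layers described above, not code from this PR or from the MCP Go SDK. The `corsMiddleware` function is a hypothetical stand-in for the `SetCorsHeaders` middleware, and `crossOriginGuard` is a simplified model of the Sec-Fetch-Site check the PR attributes to the SDK (allow `same-origin`, `none` or a missing header; refuse other values on state-changing methods, unless bypassed). The handler, port, origin and header list are constructed for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// mcpEndpoint stands in for the MCP streamable HTTP handler (constructed for
// this example; it is not the SDK's handler).
var mcpEndpoint = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/json")
	fmt.Fprint(w, `{"ok":true}`)
})

// corsMiddleware is a hypothetical stand-in for the SetCorsHeaders middleware
// named in the PR. It answers preflight OPTIONS itself and stamps
// Access-Control-* headers on every other response, including a 403 from the
// guard below, so a browser client can read the error instead of seeing a
// generic network failure.
func corsMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := w.Header()
		// A wildcard origin is acceptable only because the server never relies on
		// cookies: browsers refuse to pair "*" with credentialed requests, and a
		// bearer token in Authorization has to be attached by the page's own code.
		h.Set("Access-Control-Allow-Origin", "*")
		h.Set("Access-Control-Allow-Methods", "GET, POST, DELETE, OPTIONS")
		h.Set("Access-Control-Allow-Headers", "Authorization, Content-Type, Mcp-Session-Id, Mcp-Protocol-Version")
		h.Set("Access-Control-Expose-Headers", "Mcp-Session-Id")
		if r.Method == http.MethodOptions {
			w.WriteHeader(http.StatusNoContent)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// crossOriginGuard is a simplified model (assumption, not the SDK's code) of
// the Sec-Fetch-Site check. State-changing methods are refused unless the
// fetch metadata says the request is same-origin or navigational, or the
// header is absent as it is for non-browser clients. bypass=true mirrors the
// PR's RunHTTPServer default for the local server.
func crossOriginGuard(bypass bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		safe := r.Method == http.MethodGet || r.Method == http.MethodHead || r.Method == http.MethodOptions
		if !bypass && !safe {
			switch r.Header.Get("Sec-Fetch-Site") {
			case "", "same-origin", "none":
				// allowed through to the handler
			default: // "cross-site" or "same-site"
				http.Error(w, "cross-origin request rejected", http.StatusForbidden)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends one synthetic request through cors(guard(mcp)) and reports the
// status code and the Access-Control-Allow-Origin header a browser would see.
func probe(bypass bool, method, fetchSite string) (int, string) {
	chain := corsMiddleware(crossOriginGuard(bypass, mcpEndpoint))
	req := httptest.NewRequest(method, "http://127.0.0.1:8080/mcp", nil)
	req.Header.Set("Origin", "http://localhost:6274") // constructed browser-tool origin
	if fetchSite != "" {
		req.Header.Set("Sec-Fetch-Site", fetchSite)
	}
	rec := httptest.NewRecorder()
	chain.ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("Access-Control-Allow-Origin")
}

func main() {
	cases := []struct {
		bypass bool
		method string
		site   string
	}{
		{false, "OPTIONS", "cross-site"}, // preflight: answered by the CORS layer with 204
		{false, "POST", "cross-site"},    // SDK default: 403
		{true, "POST", "cross-site"},     // PR's local-server default: 200
		{false, "POST", "same-origin"},   // same-origin page: 200
		{false, "POST", ""},              // CLI client with no fetch metadata: 200
	}
	for _, c := range cases {
		code, acao := probe(c.bypass, c.method, c.site)
		fmt.Printf("bypass=%-5v %-7s Sec-Fetch-Site=%-13q -> %d ACAO=%q\n",
			c.bypass, c.method, c.site, code, acao)
	}
}
```

Running it shows the two failure modes the PR describes side by side: without the CORS layer the preflight would never return the Access-Control-* headers, and with the guard active a browser POST carrying Sec-Fetch-Site: cross-site is refused with 403 even though the CORS headers are present. Only the bypass (or a same-origin page) lets the request reach the handler.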

MCP impact

  • No tool or API changes
  • Tool schema or behavior changed
  • New tool added

Prompts tested (tool changes only)

  • N/A

Security / limits

  • No security or limits impact

  • Auth / permissions considered

  • Data exposure, filtering, or token/size limits considered

  • CORS uses Access-Control-Allow-Origin: * which is safe because auth is bearer-token-only (not cookie-based)

  • Cross-origin protection bypass is opt-in via ServerConfig; SDK default (reject) is preserved for library consumers

Tool renaming

  • I am renaming tools as part of this PR (e.g. a part of a consolidation effort)
    • I have added the new tool aliases in deprecated_tool_aliases.go
  • I am not renaming tools as part of this PR

Note: if you're renaming tools, you must add the tool aliases. For more information on how to do so, please refer to the official docs.

Lint & tests

  • Linted locally with ./script/lint
  • Tested locally with ./script/test

Docs

  • Not needed
  • Updated (README / docs / examples)


Development

Successfully merging this pull request may close these issues.

Is direct browser access to Remote GitHub MCP Server officially supported? Behaviour has changed recently
