Conversation
Signed-off-by: Calum Murray <cmurray@redhat.com>
Signed-off-by: Calum Murray <cmurray@redhat.com>
|
I'm not sure about this one. I'll better check once we merge the others. Note that all of the CORS issues are caused by a bad implementation of the modelcontextprotocol inspector. The main problem is that it's performing operations that should be handled by the backend from the browser (maybe due to a limitation on how it was implemented in the first place). |
| } | ||
| } | ||
|
|
||
| func setCORSHeaders(w http.ResponseWriter, origin string, corsConfig *config.CORSConfig) { |
There was a problem hiding this comment.
not really sure we want that all the time.
Is it perhaps worth also following up on the cors issue, w/ the inspector tool?
|
@manusa @matzew from modelcontextprotocol/inspector#817 (comment) it looks like we should at least be setting CORS headers to allow all origins for the |
In any case, this should be handled by the proxied keycloak instance. |
|
Just to clarify: In this case, the implementation would be as simple as adding the header somewhere within: But still, this should be responsibility of the proxied auth provider. |
Ah, I had missed that - I am good with closing this then, but ideally I don't think we should require CORS disabled browsers for testing |
Agreed. AFAIU the changes in #393 should be enough (if not there might be some other underlying issue). For me #393 is fine regardless if what it's stated in modelcontextprotocol/inspector#817 (comment) is a common practice or not (I'd really like to see the sources that back what's stated in that screen shot). |
|
Closing this as per discussion above - let's go with just the changes in #393 for now |
3 participants
This PR adds basic support for CORS.
This is needed for: