makiolaj/GearBox
1
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects Releases 10 Wiki Activity

fix: add CORS headers for OAuth and MCP endpoints
All checks were successful
CI / ci (push) Successful in 31s
Details
CI / e2e (push) Successful in 1m2s
Details

Browse Source 
Required for claude.ai browser-based OAuth flows that make
cross-origin requests to discovery, token, and MCP endpoints.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Jean-Luc Makiola
2026-04-04 10:48:22 +02:00
parent 412ca60e42
commit 9c7bc2881c
3 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
e2e/test.db-shm Normal file
View File

Binary file not shown.

BIN
e2e/test.db-wal Normal file
View File

Binary file not shown.

6
src/server/index.ts
View File

@@ -1,5 +1,6 @@
import { Hono } from "hono"; import { Hono } from "hono";
import { serveStatic } from "hono/bun"; import { serveStatic } from "hono/bun";
import { cors } from "hono/cors";
import { db as prodDb } from "../db/index.ts"; import { db as prodDb } from "../db/index.ts";
import { seedDefaults } from "../db/seed.ts"; import { seedDefaults } from "../db/seed.ts";
import { mcpRoutes } from "./mcp/index.ts"; import { mcpRoutes } from "./mcp/index.ts";
@@ -34,6 +35,11 @@ app.get("/api/health", (c) => {
return c.json({ status: "ok" }); return c.json({ status: "ok" });
}); });
// CORS for OAuth and MCP endpoints (required for claude.ai browser-based flows)
app.use("/.well-known/*", cors());
app.use("/oauth/*", cors());
app.use("/mcp/*", cors());
// OAuth routes (must be before /api/* middleware) // OAuth routes (must be before /api/* middleware)
app.use("/oauth/*", async (c, next) => { app.use("/oauth/*", async (c, next) => {
c.set("db", prodDb); c.set("db", prodDb);