Skip to content

Fix MCP host and add CORS middleware #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Sirajmx wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Fix MCP host and add CORS middleware #8

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
ce8cd06
mcp fix
Sirajmx Apr 23, 2026
5f293f0
mcp host fix
Sirajmx Apr 23, 2026
597f337
cors and trust proxy header middleware
Sirajmx Apr 23, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 18 additions & 0 deletions src/ad_seller/interfaces/api/main.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,9 @@
from typing import Any, Optional

from fastapi import Depends, FastAPI, HTTPException
from fastapi.middleware.cors import CORSMiddleware
from pydantic import BaseModel
from uvicorn.middleware.proxy_headers import ProxyHeadersMiddleware

logger = logging.getLogger(__name__)

Expand All @@ -31,6 +33,7 @@
version="1.0.0",
contact={"name": "IAB Tech Lab", "url": "https://iabtechlab.com"},
license_info={"name": "Apache 2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0"},
root_path_in_servers=False,
openapi_tags=[
{"name": "Core", "description": "Health check and API root"},
{"name": "Products", "description": "Product catalog browsing"},
Expand Down Expand Up @@ -65,6 +68,21 @@
# Lifecycle: start/stop background services
# =============================================================================

# Trust X-Forwarded-Proto / X-Forwarded-For from Cloud Run so that Starlette
# generates https:// redirects instead of http:// ones behind the TLS proxy.
app.add_middleware(ProxyHeadersMiddleware, trusted_hosts="*")

# Allow all browser-based clients — buyer UIs, claude.ai, SSP dashboards, etc.
# The MCP Streamable HTTP protocol requires CORS for browser-originated requests.
app.add_middleware(
CORSMiddleware,
allow_origins=["*"],
allow_methods=["GET", "POST", "PUT", "DELETE", "OPTIONS"],
allow_headers=["*"],
allow_credentials=False,
expose_headers=["*"],
)

_mcp_server_ref = None


Expand Down
7 changes: 7 additions & 0 deletions src/ad_seller/interfaces/mcp_server.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,13 @@
"and interact with buyer agents. On first connection, check setup status "
"and offer the guided setup wizard if configuration is incomplete."
),
# streamable_http_path="/" so that when mounted at /mcp in FastAPI the
# endpoint resolves to /mcp (not /mcp/mcp which is the default).
streamable_http_path="/",
# host="0.0.0.0" disables the auto DNS-rebinding protection that FastMCP
# applies when host is 127.0.0.1/localhost. That protection blocks requests
# from Cloud Run (Host header is the public *.run.app domain) with 421.
host="0.0.0.0",
)


Expand Down
Loading