From 31e659d63fdf0a3a3c35e073ee0906d47afef46c Mon Sep 17 00:00:00 2001
From: Nilanjan De <nilanjan.de@gmail.com>
Date: Mon, 21 Jul 2025 14:21:54 +0400
Subject: [PATCH] Correct CORS headers required for connecting from browser
 based MCP Clients

---
 src/index.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/index.ts b/src/index.ts
index 6af25d4..79b2632 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -213,7 +213,8 @@ async function main() {
       // Set CORS headers for all responses
       res.setHeader("Access-Control-Allow-Origin", "*");
       res.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS,DELETE");
-      res.setHeader("Access-Control-Allow-Headers", "Content-Type, MCP-Session-Id, mcp-session-id");
+      res.setHeader("Access-Control-Allow-Headers", "Content-Type, mcp-session-id");
+      res.setHeader("Access-Control-Expose-Headers", "MCP-Session-Id");
 
       // Handle preflight OPTIONS requests
       if (req.method === "OPTIONS") {