Skip to main content

HttpTransportConfig

Configuration for the HTTP transport. Accepts either a boolean or an object.

Boolean Mode

http
boolean
default:"undefined"
  • true - Enable HTTP transport with all defaults
  • false - Disable HTTP transport

Object Mode

port
number
default:"3001"
Port number for the HTTP server.
host
string
default:"127.0.0.1"
Host address to bind the server to.
bodySizeLimit
number
default:"10485760"
Maximum request body size in bytes. Default is 10MB (1024 * 1024 * 10).
debug
boolean
default:"false"
Enable debug logging for the HTTP transport.
endpoint
string
default:"/mcp"
Endpoint path for MCP requests.
cors
CorsConfig
CORS configuration. See CORS Configuration below.

CORS Configuration

Configure Cross-Origin Resource Sharing (CORS) for the HTTP transport.
origin
string | string[] | boolean
default:"*"
Allowed origins. Can be:
  • A string (e.g., "https://example.com")
  • An array of strings (e.g., ["https://app.com", "https://admin.com"])
  • A boolean (true allows all origins, false disallows all)
  • Default "*" allows all origins
methods
string | string[]
default:"['GET', 'POST']"
Allowed HTTP methods. Can be a string or array of strings.
allowedHeaders
string | string[]
Allowed request headers. The headers mcp-session-id and mcp-protocol-version are automatically added if not present.
exposedHeaders
string | string[]
Headers that browsers are allowed to access. The header mcp-session-id is automatically added if not present.
credentials
boolean
default:"false"
Allow credentials (cookies, authorization headers) in cross-origin requests.
maxAge
number
default:"86400"
How long (in seconds) preflight request results can be cached. Default is 24 hours.

Examples

Minimal Configuration

export default {
  http: true, // Use all defaults
};

Custom Port and Host

export default {
  http: {
    port: 8080,
    host: "0.0.0.0",
  },
};

Custom CORS

export default {
  http: {
    port: 3001,
    cors: {
      origin: ["https://app.example.com", "https://admin.example.com"],
      credentials: true,
      methods: ["GET", "POST", "PUT", "DELETE"],
    },
  },
};

Development Configuration

export default {
  http: {
    port: 3001,
    debug: true,
    cors: {
      origin: "*",
      credentials: false,
    },
  },
};

Production Configuration

export default {
  http: {
    port: 3001,
    host: "127.0.0.1",
    bodySizeLimit: 1024 * 1024 * 5, // 5MB
    debug: false,
    cors: {
      origin: ["https://yourdomain.com"],
      credentials: true,
      maxAge: 7200,
    },
  },
};

Build docs developers (and LLMs) love

Get started for freeTalk to us