yvachot/GeoGuessrMCP
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix authentication middleware to allow OPTIONS requests

Browse source 
CORS preflight requests (OPTIONS) don't include Authorization headers
by browser design. The middleware was blocking these requests with 401.

Solution:
- Skip authentication check for OPTIONS requests
- OPTIONS requests are handled by CORS middleware only
- Actual requests (GET, POST) still require authentication

This fixes the "401 Unauthorized" error on OPTIONS /mcp when using
MCP Inspector or other browser-based clients with authentication enabled.
This commit is contained in:
Claude 2025-11-30 01:13:09 +00:00
parent d0945d99a3
commit fe71704bf8
No known key found for this signature in database
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/geoguessr_mcp/middleware/auth.py
View file

@ -54,6 +54,11 @@ class AuthenticationMiddleware(BaseHTTPMiddleware):
if request.url.path == "/health":
return await call_next(request)
# Skip authentication for OPTIONS requests (CORS preflight)
# OPTIONS requests don't include Authorization headers by design
if request.method == "OPTIONS":
return await call_next(request)
# Check for Authorization header
auth_header = request.headers.get("Authorization")