Skip to content

Commit cb03012

Browse files
DaleSeoDaleSeo
committed
docs: update config file reference
1 parent 5f2a678 commit cb03012

File tree

1 file changed

+26
-10
lines changed

1 file changed

+26
-10
lines changed

docs/source/config-file.mdx

Lines changed: 26 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,7 @@ All fields are optional.
1717

1818
| Option | Type | Default | Description |
1919
| :--------------- | :-------------------- | :----------------------- | :--------------------------------------------------------------- |
20+
| `cors` | `Cors` | | CORS configuration |
2021
| `custom_scalars` | `FilePath` | | Path to a [custom scalar map](/apollo-mcp-server/custom-scalars) |
2122
| `endpoint` | `URL` | `http://localhost:4000/` | The target GraphQL endpoint |
2223
| `graphos` | `GraphOS` | | Apollo-specific credential overrides |
@@ -40,6 +41,22 @@ These fields are under the top-level `graphos` key and define your GraphOS graph
4041
| `apollo_registry_url` | `URL` | | The URL to use for Apollo's registry |
4142
| `apollo_uplink_endpoints` | `URL` | | List of uplink URL overrides. You can also provide this with the `APOLLO_UPLINK_ENDPOINTS` environment variable |
4243

44+
### CORS
45+
46+
These fields are under the top-level `cors` key and configure Cross-Origin Resource Sharing (CORS) for browser-based MCP clients.
47+
48+
| Option | Type | Default | Description |
49+
| :------------------ | :------------- | :---------------------------------- | :------------------------------------------------------------------------------------------------------- |
50+
| `enabled` | `bool` | `false` | Enable CORS support |
51+
| `origins` | `List<string>` | `[]` | List of allowed origins (exact matches). Use `["*"]` to allow any origin (not recommended in production) |
52+
| `match_origins` | `List<string>` | `[]` | List of regex patterns to match allowed origins (e.g., `"^https://localhost:[0-9]+$"`) |
53+
| `allow_any_origin` | `bool` | `false` | Allow requests from any origin. Cannot be used with `allow_credentials: true` |
54+
| `allow_credentials` | `bool` | `false` | Allow credentials (cookies, authorization headers) in CORS requests |
55+
| `allow_methods` | `List<string>` | `["GET", "POST", "OPTIONS"]` | List of allowed HTTP methods |
56+
| `allow_headers` | `List<string>` | `["content-type", "authorization"]` | List of allowed request headers |
57+
| `expose_headers` | `List<string>` | `[]` | List of response headers exposed to the browser (e.g., `["mcp-session-id"]`) |
58+
| `max_age` | `number` | `86400` | Maximum age (in seconds) for preflight cache |
59+
4360
### Health checks
4461

4562
These fields are under the top-level `health_check` key. Learn more about [health checks](/apollo-mcp-server/health-checks).
@@ -154,7 +171,6 @@ The available fields depend on the value of the nested `type` key:
154171
| `port` | `5000` (default) | `u16` | The port to bind to |
155172
| `stateful_mode` | `true` (default) | `bool` | Flag to enable or disable stateful mode and session management. |
156173

157-
158174
##### SSE (Deprecated, use StreamableHTTP)
159175

160176
| Option | Value | Value Type | Description |
@@ -167,14 +183,14 @@ The available fields depend on the value of the nested `type` key:
167183

168184
These fields are under the top-level `transport` key, nested under the `auth` key. Learn more about [authorization and authentication](/apollo-mcp-server/auth).
169185

170-
| Option | Type | Default | Description |
171-
| :-------------------------------- | :------------- | :------ | :------------------------------------------------------------------------------------------------- |
172-
| `servers` | `List<URL>` | | List of upstream delegated OAuth servers (must support OIDC metadata discovery endpoint) |
173-
| `audiences` | `List<string>` | | List of accepted audiences from upstream signed JWTs |
174-
| `resource` | `string` | | The externally available URL pointing to this MCP server. Can be `localhost` when testing locally. |
175-
| `resource_documentation` | `string` | | Optional link to more documentation relating to this MCP server |
176-
| `scopes` | `List<string>` | | List of queryable OAuth scopes from the upstream OAuth servers |
177-
| `disable_auth_token_passthrough` | `bool` | `false` | Optional flag to disable passing validated Authorization header to downstream API |
186+
| Option | Type | Default | Description |
187+
| :------------------------------- | :------------- | :------ | :------------------------------------------------------------------------------------------------- |
188+
| `servers` | `List<URL>` | | List of upstream delegated OAuth servers (must support OIDC metadata discovery endpoint) |
189+
| `audiences` | `List<string>` | | List of accepted audiences from upstream signed JWTs |
190+
| `resource` | `string` | | The externally available URL pointing to this MCP server. Can be `localhost` when testing locally. |
191+
| `resource_documentation` | `string` | | Optional link to more documentation relating to this MCP server |
192+
| `scopes` | `List<string>` | | List of queryable OAuth scopes from the upstream OAuth servers |
193+
| `disable_auth_token_passthrough` | `bool` | `false` | Optional flag to disable passing validated Authorization header to downstream API |
178194

179195
Below is an example configuration using `StreamableHTTP` transport with authentication:
180196

@@ -242,4 +258,4 @@ For example, to override the `transport.auth.servers` option, you can set the `A
242258

243259
```sh
244260
APOLLO_MCP_TRANSPORT__AUTH__SERVERS='[server_url_1,server_url_2]'
245-
```
261+
```

0 commit comments

Comments
 (0)