fix: add critical SSE headers and fix CORS for ChatGPT

- Add X-Accel-Buffering: no header to prevent nginx buffering
- Add immediate keepalive comment on SSE connection
- Add Access-Control-Allow-Methods and Allow-Headers
- Fix CORS configuration to always enable (not conditional)
- Change docker-compose to always enable CORS in production
- Update .env and .env.example with proper CORS defaults

Fixes ChatGPT MCP connector timeout issue.

Author: dadadadas111

.env.example

@@ -14,12 +14,13 @@ IOT_API_KEY=your-api-key-here
 IOT_API_TIMEOUT=30000
 
 # CORS Configuration
-# Enable CORS for cross-origin requests
+# Enable CORS for cross-origin requests (required for ChatGPT/Claude)
 ENABLE_CORS=true
 
 # Comma-separated list of allowed origins
-# Use * to allow all origins (not recommended for production)
-CORS_ORIGINS=http://localhost:3000,https://chat.openai.com,https://claude.ai
+# Use * to allow all origins (recommended for MCP servers)
+# Or specify: https://chat.openai.com,https://claude.ai
+CORS_ORIGINS=*
 
 # Rate Limiting
 # Enable rate limiting to prevent abuse

docker-compose.yml

@@ -8,18 +8,18 @@ services:
     ports:
       - '${PORT:-3001}:3001'
     environment:
-      # Server Configuration
+      # Server
       NODE_ENV: ${NODE_ENV:-production}
-      PORT: 3001
-      HOST: 0.0.0.0
+      PORT: ${PORT:-3001}
+      HOST: ${HOST:-0.0.0.0}
 
       # IoT Cloud API
       IOT_API_BASE_URL: ${IOT_API_BASE_URL}
       IOT_API_KEY: ${IOT_API_KEY}
       IOT_API_TIMEOUT: ${IOT_API_TIMEOUT:-30000}
 
-      # CORS Configuration
-      ENABLE_CORS: ${ENABLE_CORS:-true}
+      # CORS Configuration (always enabled for MCP)
+      ENABLE_CORS: 'true'
       CORS_ORIGINS: ${CORS_ORIGINS:-*}
 
       # Rate Limiting

src/api/controllers/mcp.controller.ts

@@ -25,11 +25,17 @@ export class McpController {
     description: 'SSE stream established',
   })
   async streamMcpEvents(@Req() req: Request, @Res() res: Response): Promise<void> {
-    // Set SSE headers
+    // Set SSE headers (ChatGPT-compatible)
     res.setHeader('Content-Type', 'text/event-stream');
     res.setHeader('Cache-Control', 'no-cache');
     res.setHeader('Connection', 'keep-alive');
+    res.setHeader('X-Accel-Buffering', 'no'); // Prevent nginx buffering
     res.setHeader('Access-Control-Allow-Origin', '*');
+    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
+    res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+
+    // Send immediate keepalive to prevent timeout
+    res.write(': keepalive\n\n');
 
     // Store connection state
     const connectionState = {

src/main.ts

@@ -9,15 +9,16 @@ async function bootstrap() {
 
   const configService = app.get(ConfigService);
 
-  // Enable CORS
-  const enableCors = configService.get<string>('ENABLE_CORS') === 'true';
-  if (enableCors) {
-    const origins = configService.get<string>('CORS_ORIGINS')?.split(',') || [];
-    app.enableCors({
-      origin: origins,
-      credentials: true,
-    });
-  }
+  // Enable CORS (always enable for MCP compatibility)
+  const enableCors = configService.get<string>('ENABLE_CORS') !== 'false';
+  const origins = configService.get<string>('CORS_ORIGINS')?.split(',') || ['*'];
+
+  app.enableCors({
+    origin: origins.length > 0 && origins[0] !== '*' ? origins : '*',
+    methods: ['GET', 'POST', 'OPTIONS'],
+    allowedHeaders: ['Content-Type', 'Authorization', 'Accept'],
+    credentials: true,
+  });
 
   // Global validation pipe
   app.useGlobalPipes(