Multiple Access-Control-Allow-Origin when request specifies origin header #1175

@jyasuu

Describe the bug

I am building a WASM application that connects to a GitHub MCP server. When I try to initialize the MCP connection from the browser, it automatically appends an Origin header. This seems to result in two Access-Control-Allow-Origin headers being set, which ultimately causes the browser to block the response.

Affected version

No.
I access the GitHub MCP server with a curl command.

Steps to reproduce the behavior

curl 'https://api.githubcopilot.com/mcp/' \
  -H 'accept: */*' \
  -H 'authorization: Bearer ?' \
  -H 'content-type: application/json' \
  -H 'origin: https://example.com' \
  --data-raw '{"jsonrpc":"2.0","id":"88712028-eaaa-4d92-7241-fe9964f5d322","method":"initialize","params":{"capabilities":{"tools":{}},"clientInfo":{"name":"LLM Playground","version":"1.0.0"},"protocolVersion":"2024-11-05"}}' -v

Expected vs actual behavior

Expected only one header:
access-control-allow-origin: *

But there are actually two:
access-control-allow-origin: *
access-control-allow-origin: *

Logs

None
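
Why the duplicate header gets the response blocked, as an added example that is not part of the original issue or the server's code: the Fetch standard's CORS check joins repeated header values with ", " before comparing, so two `*` headers are evaluated as `*, *`. The function names and the sample responses are constructed for illustration.

```javascript
// Added example: models the Fetch "CORS check" over a raw response header block.
// The sample responses at the bottom are constructed, not captured from the server.

// Collect every value of a header, matching the name case-insensitively.
function headerValues(rawHeaders, name) {
  const wanted = name.toLowerCase();
  const values = [];
  for (const line of rawHeaders.split(/\r?\n/)) {
    const idx = line.indexOf(":");
    if (idx <= 0) continue; // status line or blank line
    if (line.slice(0, idx).trim().toLowerCase() === wanted) {
      values.push(line.slice(idx + 1).trim());
    }
  }
  return values;
}

// Repeated headers are combined with ", " and the result is compared as one value.
function corsCheck(rawHeaders, requestOrigin, withCredentials = false) {
  const values = headerValues(rawHeaders, "access-control-allow-origin");
  if (values.length === 0) return { ok: false, reason: "header missing" };
  const combined = values.join(", ");
  if (!withCredentials && combined === "*") return { ok: true, reason: "wildcard" };
  if (combined !== requestOrigin) {
    const reason = values.length > 1
      ? `duplicate header, combined value is "${combined}"`
      : `value "${combined}" does not match origin`;
    return { ok: false, reason };
  }
  if (!withCredentials) return { ok: true, reason: "origin match" };
  const cred = headerValues(rawHeaders, "access-control-allow-credentials").join(", ");
  return cred === "true"
    ? { ok: true, reason: "origin match with credentials" }
    : { ok: false, reason: "credentials not allowed" };
}

// Constructed responses: one header (expected) and two headers (as reported).
const single = "HTTP/2 200\naccess-control-allow-origin: *\ncontent-type: application/json";
const doubled = "HTTP/2 200\naccess-control-allow-origin: *\n" +
  "access-control-allow-origin: *\ncontent-type: application/json";

console.log(corsCheck(single, "https://example.com"));
console.log(corsCheck(doubled, "https://example.com"));
```

The same check is useful in a smoke test behind a proxy or gateway, where a second CORS layer can add the header again.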
