Cloudflare tunnels can strip Authorization headers due to CORS preflight requests, causing authentication failures when connecting remotely.
```json
{
  "mcpServers": {
    "ga4-gsc-mcp": {
      "type": "http",
      "url": "https://mcp2.wlmedia.com/mcp",
      "headers": {
        "Authorization": "Bearer mypassword"
      },
      "tools": ["..."]
    }
  }
}
```

If Authorization headers are being stripped, try using custom headers:
```json
{
  "mcpServers": {
    "ga4-gsc-mcp": {
      "type": "http",
      "url": "https://mcp2.wlmedia.com/mcp",
      "headers": {
        "X-API-Key": "mypassword"
      },
      "tools": ["..."]
    }
  }
}
```

Or:
```json
{
  "mcpServers": {
    "ga4-gsc-mcp": {
      "type": "http",
      "url": "https://mcp2.wlmedia.com/mcp",
      "headers": {
        "X-Auth-Token": "mypassword"
      },
      "tools": ["..."]
    }
  }
}
```

Fallback to URL parameters (less secure):

```json
{
  "mcpServers": {
    "ga4-gsc-mcp": {
      "type": "http",
      "url": "https://mcp2.wlmedia.com/mcp?key=mypassword",
      "tools": ["..."]
    }
  }
}
```

To preserve Authorization headers, update your cloudflared.yml:
```yaml
tunnel: your-tunnel-id
credentials-file: /path/to/credentials.json
ingress:
  - hostname: mcp2.wlmedia.com
    service: http://localhost:8080
    originRequest:
      httpHostHeader: "localhost:8080"
      connectTimeout: 30s
      tlsTimeout: 10s
      tcpKeepAlive: 30s
      keepAliveConnections: 100
      keepAliveTimeout: 90s
  - service: http_status:404
```

- Test locally first - ensure header auth works with `http://localhost:8080`
- Test remote with custom headers - try `X-API-Key` or `X-Auth-Token`
- Fallback to URL parameters - guaranteed to work but less secure
```bash
# Test local server
uv run test_auth_debug.py http://localhost:8080 mypassword
# Test remote tunnel
uv run test_auth_debug.py https://mcp2.wlmedia.com mypassword test_both
```

The enhanced server now:
- ✅ Handles CORS preflight requests
- ✅ Supports custom header authentication
- ✅ Preserves URL parameter fallback
- ✅ Provides detailed logging for debugging
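
The behaviour listed above, sketched as an added example; this is not the project's server code. The function names, the origin allowlist and the sample origin are assumptions. It answers the preflight before any auth check, accepts the token from the three headers or the `key` parameter shown in the configs, compares it in constant time, and strips the query string before a URL is logged.

```python
import hmac
from urllib.parse import parse_qs, urlsplit

# All names and values below are assumptions for this sketch.
ALLOWED_ORIGINS = {"https://client.example"}  # constructed sample origin
AUTH_HEADERS = "Authorization, X-API-Key, X-Auth-Token, Content-Type"


def extract_token(headers, url):
    """Return (token, source), trying the same places as the configs above."""
    scheme, _, value = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "bearer" and value.strip():
        return value.strip(), "authorization"
    for name in ("x-api-key", "x-auth-token"):
        if headers.get(name):
            return headers[name], name
    key = parse_qs(urlsplit(url).query).get("key", [""])[0]
    return (key, "query") if key else (None, None)


def check_request(method, url, headers, expected):
    """Return (status, response_headers, token_source) for one request."""
    headers = {k.lower(): v for k, v in headers.items()}
    if method.upper() == "OPTIONS":
        # A preflight never carries credentials, so answer it before auth.
        cors = {"Access-Control-Allow-Methods": "GET, POST, OPTIONS",
                "Access-Control-Allow-Headers": AUTH_HEADERS}
        if headers.get("origin") in ALLOWED_ORIGINS:
            cors["Access-Control-Allow-Origin"] = headers["origin"]
        return 204, cors, None
    token, source = extract_token(headers, url)
    if token is None or not hmac.compare_digest(token.encode(), expected.encode()):
        return 401, {"WWW-Authenticate": "Bearer"}, source
    return 200, {}, source


def redact_url(url):
    """Drop the query string so ?key=... is not written to debug logs."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}{parts.path}"
```

The returned `token_source` is what belongs in a debug log line: it shows which header survived the tunnel without recording the secret itself.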