edoardo 1.0.4 → 1.0.5

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "edoardo",
-  "version": "1.0.4",
+  "version": "1.0.5",
   "description": "AI Agent with MCP plugin support - Chat with AI models and extend capabilities with plugins",
   "type": "module",
   "bin": {

package/server/standalone.js

@@ -10,7 +10,6 @@
  */
 
 import express from 'express';
-import cors from 'cors';
 import { spawn } from 'child_process';
 import { fileURLToPath } from 'url';
 import { dirname, join } from 'path';
@@ -29,19 +28,24 @@ const stdioServers = new Map();
 
 // ============ CORS (must be first for all requests!) ============
 
-const corsOptions = {
-  origin: true,
-  credentials: true,
-  methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
-  allowedHeaders: ['Content-Type', 'Authorization', 'X-MCP-Endpoint', 'X-MCP-Auth-Type', 'X-MCP-Auth-Token', 'X-MCP-Extra-Config', 'X-MCP-Type', 'X-MCP-Command', 'X-MCP-Args', 'X-MCP-Allowed-Paths'],
-  preflightContinue: false,
-  optionsSuccessStatus: 204
-};
+// Manual CORS middleware - handles all requests including preflight
+app.use((req, res, next) => {
+  const origin = req.headers.origin;
+
+  // Allow all origins (for standalone deployment)
+  res.setHeader('Access-Control-Allow-Origin', origin || '*');
+  res.setHeader('Access-Control-Allow-Credentials', 'true');
+  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+  res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-MCP-Endpoint, X-MCP-Auth-Type, X-MCP-Auth-Token, X-MCP-Extra-Config, X-MCP-Type, X-MCP-Command, X-MCP-Args, X-MCP-Allowed-Paths');
+  res.setHeader('Access-Control-Max-Age', '86400');
 
-app.use(cors(corsOptions));
+  // Handle preflight OPTIONS request
+  if (req.method === 'OPTIONS') {
+    return res.status(204).end();
+  }
 
-// Explicit OPTIONS handler for all routes (preflight)
-app.options('*', cors(corsOptions));
+  next();
+});
 
 app.use(express.json());