ExMCP.Security.CORS (ex_mcp v0.10.0)
Handles Cross-Origin Resource Sharing (CORS) logic.
This module is responsible for validating request origins and building appropriate CORS headers for responses.
Summary
Functions
build_cors_headers/2: Builds CORS headers based on configuration.
validate_origin/2: Validates origin header against allowed origins.
validate_request_origin/2: Validates request origin against security policy.
Types
@type security_config() :: %{
  optional(:auth) => auth_method(),
  optional(:headers) => [{String.t(), String.t()}],
  optional(:validate_origin) => boolean(),
  optional(:allowed_origins) => [String.t()],
  optional(:cors) => cors_config(),
  optional(:tls) => tls_config()
}
Functions
@spec build_cors_headers(cors_config(), String.t() | nil) :: [{String.t(), String.t()}]
Builds CORS headers based on configuration.

validate_origin/2
Validates origin header against allowed origins.
Examples
iex> ExMCP.Security.CORS.validate_origin("https://example.com", ["https://example.com"])
:ok
iex> ExMCP.Security.CORS.validate_origin("https://evil.com", ["https://example.com"])
{:error, :origin_not_allowed}
@spec validate_request_origin(String.t() | nil, security_config()) :: :ok | {:error, :origin_validation_failed}
Validates request origin against security policy.
This implements DNS rebinding attack protection as required by the MCP spec.
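The origin check described above, as an added stand-alone sketch (not ExMCP's source code). A browser sends the Origin of the page that issued the request even when that page's hostname has been re-pointed at a local server, so comparing the whole origin against an allow-list is what stops DNS rebinding. The module name OriginCheckSketch, the normalization step and the handling of a missing Origin header are assumptions of this example; only the return shapes and the :validate_origin and :allowed_origins keys come from this page.

```elixir
defmodule OriginCheckSketch do
  # Hypothetical module for illustration; not ExMCP's implementation.
  # Reduce an origin to {scheme, host, port}. URI.parse/1 fills in the default
  # port, so "https://example.com" and "https://EXAMPLE.com:443" compare equal.
  # Anything that is not a bare http(s) origin (path, query, userinfo) is rejected.
  def normalize(origin) when is_binary(origin) do
    uri = URI.parse(origin)
    scheme = uri.scheme && String.downcase(uri.scheme)
    bare? = Enum.all?([uri.path, uri.query, uri.fragment, uri.userinfo], &is_nil/1)

    if scheme in ["http", "https"] and is_binary(uri.host) and uri.host != "" and bare? do
      {:ok, {scheme, String.downcase(uri.host), uri.port}}
    else
      :error
    end
  end

  def normalize(_missing), do: :error

  # Whole-origin comparison only: no prefix, suffix or substring matching.
  # Result shapes follow the validate_origin/2 doctests on this page.
  def validate_origin(origin, allowed_origins) do
    allowed = for a <- allowed_origins, {:ok, t} <- [normalize(a)], do: t

    with {:ok, tuple} <- normalize(origin), true <- (tuple in allowed) do
      :ok
    else
      _ -> {:error, :origin_not_allowed}
    end
  end

  # Policy wrapper using the :validate_origin and :allowed_origins keys of
  # security_config(). Assumptions: with validation off every request passes,
  # and with it on a missing Origin header fails closed.
  def validate_request_origin(origin, config) do
    cond do
      not Map.get(config, :validate_origin, false) -> :ok
      validate_origin(origin, Map.get(config, :allowed_origins, [])) == :ok -> :ok
      true -> {:error, :origin_validation_failed}
    end
  end
end

# Constructed sample inputs, including a look-alike host and a missing header.
config = %{validate_origin: true, allowed_origins: ["https://example.com", "http://localhost:4000"]}

for origin <- ["https://example.com", "https://EXAMPLE.com:443", "https://example.com.evil.com",
               "http://localhost:4001", "null", nil] do
  IO.inspect({origin, OriginCheckSketch.validate_request_origin(origin, config)})
end
```

Of the six sample inputs, only the two spellings of https://example.com pass; the look-alike host, the wrong port, the literal "null" origin and the missing header are all refused.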