Merge branch 'main' into bugfix/tool-validation-not-jsonrpc-error

Author: KKonstantinov

src/server/auth/handlers/metadata.test.ts

@@ -29,7 +29,7 @@ describe('Metadata Handler', () => {
         const response = await supertest(app).post('/.well-known/oauth-authorization-server').send({});
 
         expect(response.status).toBe(405);
-        expect(response.headers.allow).toBe('GET');
+        expect(response.headers.allow).toBe('GET, OPTIONS');
         expect(response.body).toEqual({
             error: 'method_not_allowed',
             error_description: 'The method POST is not allowed for this endpoint'

src/server/auth/handlers/metadata.ts

@@ -10,7 +10,7 @@ export function metadataHandler(metadata: OAuthMetadata | OAuthProtectedResource
     // Configure CORS to allow any origin, to make accessible to web-based MCP clients
     router.use(cors());
 
-    router.use(allowedMethods(['GET']));
+    router.use(allowedMethods(['GET', 'OPTIONS']));
     router.get('/', (req, res) => {
         res.status(200).json(metadata);
     });