OptionalallowedList of allowed host header values for DNS rebinding protection. If not specified, host validation is disabled.
OptionalallowedList of allowed origin header values for DNS rebinding protection. If not specified, origin validation is disabled.
OptionalenableEnable DNS rebinding protection (requires allowedHosts and/or allowedOrigins to be configured). Default is false for backwards compatibility.
OptionalenableIf true, the server will return JSON responses instead of starting an SSE stream. This can be useful for simple request/response scenarios without streaming. Default is false (SSE streams are preferred).
OptionaleventEvent store for resumability support If provided, resumability will be enabled, allowing clients to reconnect and resume messages
OptionalonsessioninitializedA callback for session initialization events This is called when the server initializes a new session. Useful in cases when you need to register multiple mcp sessions and need to keep track of them.
The generated session ID
Function that generates a session ID for the transport. The session ID SHOULD be globally unique and cryptographically secure (e.g., a securely generated UUID, a JWT, or a cryptographic hash)
Return undefined to disable session management.
Configuration options for StreamableHTTPServerTransport