OptionalallowedList of allowed host header values for DNS rebinding protection. If not specified, host validation is disabled.
OptionalallowedList of allowed origin header values for DNS rebinding protection. If not specified, origin validation is disabled.
OptionalenableEnable DNS rebinding protection (requires allowedHosts and/or allowedOrigins to be configured). Default is false for backwards compatibility.
OptionalenableIf true, the server will return JSON responses instead of starting an SSE stream. This can be useful for simple request/response scenarios without streaming. Default is false (SSE streams are preferred).
OptionaleventEvent store for resumability support If provided, resumability will be enabled, allowing clients to reconnect and resume messages
OptionalonsessionclosedA callback for session close events This is called when the server closes a session due to a DELETE request. Useful in cases when you need to clean up resources associated with the session. Note that this is different from the transport closing, if you are handling HTTP requests from multiple nodes you might want to close each StreamableHTTPServerTransport after a request is completed while still keeping the session open/running.
The session ID that was closed
OptionalonsessioninitializedA callback for session initialization events This is called when the server initializes a new session. Useful in cases when you need to register multiple mcp sessions and need to keep track of them.
The generated session ID
Function that generates a session ID for the transport. The session ID SHOULD be globally unique and cryptographically secure (e.g., a securely generated UUID, a JWT, or a cryptographic hash)
Return undefined to disable session management.
Configuration options for StreamableHTTPServerTransport