jubnl 001cc6431b fix: 404 JSON + open CORS for all /.well-known/* paths ...

ChatGPT probes /.well-known/openid-configuration and the RFC 8414
path-suffixed form /.well-known/oauth-authorization-server/mcp before
(or instead of) following the RFC 9728 WWW-Authenticate chain.
Both returned 200 HTML from the SPA catch-all, which clients can't
parse as JSON — ChatGPT reported 'does not implement OAuth'.

Two fixes:
- Extend open-CORS pre-middleware from /.well-known/oauth-* to all
  /.well-known/* so browser-based probes aren't CORS-blocked
- Add a 404 JSON catch-all for /.well-known/* paths the SDK metadata
  router doesn't handle, placed before the SPA catch-all

2026-05-05 14:16:28 +02:00

..

assets

refactor: move airports.json out of server/data into server/assets

2026-04-18 02:02:09 +02:00

public

chore(CRLF): normalize index.html line endings to LF

2026-04-05 04:35:17 +02:00

scripts

docs: add full wiki with 74 pages, assets, and CI workflow

2026-04-20 10:11:53 +02:00

src

fix: 404 JSON + open CORS for all /.well-known/* paths

2026-05-05 14:16:28 +02:00

tests

feat: migrate OAuth public endpoints to MCP SDK auth handlers

2026-05-05 13:01:32 +02:00

.env.example

fix: add APP_VERSION fallback and HOST bind address env var (#952 #953) (#955)

2026-05-04 14:21:55 +02:00

package-lock.json

chore: bump version to 3.0.15 [skip ci]

2026-05-04 12:22:15 +00:00

package.json

chore: bump version to 3.0.15 [skip ci]

2026-05-04 12:22:15 +00:00

reset-admin.js

Stabilize core: better-sqlite3, versioned migrations, graceful shutdown

2026-03-22 17:52:24 +01:00

tsconfig.json

feat: migrate OAuth public endpoints to MCP SDK auth handlers

2026-05-05 13:01:32 +02:00

vitest.config.ts

refactor(mcp): replace direct DB access with service layer calls

2026-04-04 18:12:53 +02:00