Conversation
- Add Authorization guide covering per-server and per-tool OAuth patterns - Add CSP & CORS guide extracted from Patterns doc - Group both under a new Security section in the documentation nav - Replace CSP & CORS section in Patterns with cross-reference to new guide - Rename doc site title from package name to 'MCP Apps' - Rename 'Modules' nav section to 'API Documentation' - Ensure Security section appears before API Documentation in TOC - Add SEO plugin with JSON-LD structured data (TechArticle/WebPage) - Add per-page meta descriptions from frontmatter - Add description frontmatter to all documentation pages - Add hostedBaseUrl for sitemap.xml generation and canonical URLs - Normalize document page slugs to lowercase hyphenated format - Update compressed navigation and search index data to match new slugs
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
@modelcontextprotocol/ext-apps
@modelcontextprotocol/server-basic-preact
@modelcontextprotocol/server-basic-react
@modelcontextprotocol/server-basic-solid
@modelcontextprotocol/server-basic-svelte
@modelcontextprotocol/server-basic-vanillajs
@modelcontextprotocol/server-basic-vue
@modelcontextprotocol/server-budget-allocator
@modelcontextprotocol/server-cohort-heatmap
@modelcontextprotocol/server-customer-segmentation
@modelcontextprotocol/server-debug
@modelcontextprotocol/server-map
@modelcontextprotocol/server-pdf
@modelcontextprotocol/server-scenario-modeler
@modelcontextprotocol/server-shadertoy
@modelcontextprotocol/server-sheet-music
@modelcontextprotocol/server-system-monitor
@modelcontextprotocol/server-threejs
@modelcontextprotocol/server-transcript
@modelcontextprotocol/server-video-resource
@modelcontextprotocol/server-wiki-explorer
commit: |
- Download favicons from modelcontextprotocol.io (light + dark variants) - Inject favicon link tags into every page with correct relative paths - Support prefers-color-scheme media queries for light/dark mode - Include apple-touch-icon for iOS - Copy favicon assets to output directory during doc build
Replace regex-based HTML tag stripping with htmlparser2 for extracting plain-text descriptions from rendered pages.
- Import Inter and JetBrains Mono fonts (matching MCP site) - Override light mode colors: pure white backgrounds, softer gray borders - Override dark mode colors: match MCP site dark background (#0f1117) - Taller header (3.5rem) with backdrop-blur frosted glass effect - Sidebar: adjusted spacing, font size, and hover/active states - Content: increased line-height (1.6), more heading breathing room - Code blocks: JetBrains Mono, subtle border, more padding - Fix CSS load order: custom.css now loads after theme stylesheets
- Active item: tinted blue background with blue text (matching MCP's primary-color tinted active state) - Non-active items: muted gray text, subtle hover background - Larger border-radius (0.75rem/rounded-xl) matching MCP sidebar - Group headers: semibold with slight letter spacing - Proper dark mode variants for all states
Inject a small script via the SEO plugin that marks the active sidebar link with a "current" class (TypeDoc doesn't do this natively for document pages). Uses a MutationObserver since the sidebar is populated asynchronously. Pathname comparison strips .html extensions to support clean-URL servers. Also bumps code/pre font-size from 0.85em to 1em so code snippets match the surrounding body text size.
…eadcrumbs Extract CSS cascade fix, breadcrumb labels, and sidebar nav highlighting from the SEO plugin into a new typedoc-plugin-mcpstyle.mjs to keep concerns separated. Fix authorization doc: use "authorization" consistently instead of mixing with "authentication", link to MCP spec and RFC 9728 for Protected Resource Metadata, remove redundant spec link paragraph. Rename "Documents" nav section to "Getting Started" and add explicit group frontmatter to all doc pages. Breadcrumbs now show the section name instead of duplicating the page title.
ochafik
approved these changes
Mar 6, 2026
ochafik
added a commit
that referenced
this pull request
Mar 6, 2026
Changes since 1.1.2: - fix: autoResize reporting viewport height when content is taller (#525) - fix: remove duplicate --color-text-ghost from McpUiStyleVariableKey (#523) - fix: examples servers' npm run start:stdio (#507) - pdf-server: ignore client roots by default (#510) - docs: add Security documentation section and SEO improvements (#524) - docs: add MCP client configuration examples to CONTRIBUTING.md (#508, #526) - docs: use apps.extensions.modelcontextprotocol.io domain for docs URLs (#499) - docs: add SECURITY.md with GitHub Security Advisories guidance (#472)
ochafik
added a commit
that referenced
this pull request
Mar 6, 2026
* chore: bump ext-apps to 1.1.3 Changes since 1.1.2: - fix: autoResize reporting viewport height when content is taller (#525) - fix: remove duplicate --color-text-ghost from McpUiStyleVariableKey (#523) - fix: examples servers' npm run start:stdio (#507) - pdf-server: ignore client roots by default (#510) - docs: add Security documentation section and SEO improvements (#524) - docs: add MCP client configuration examples to CONTRIBUTING.md (#508, #526) - docs: use apps.extensions.modelcontextprotocol.io domain for docs URLs (#499) - docs: add SECURITY.md with GitHub Security Advisories guidance (#472) * chore: switch to minor bump 1.2.0 (new APIs in #470)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a new Security section to the documentation with two guides, and improves the overall SEO and discoverability of the doc site.
Changes
New documentation
_meta.ui.csp,connectDomains/resourceDomains, and_meta.ui.domainfor stable CORS origins.Documentation site improvements
@modelcontextprotocol/ext-apps - v1.1.2to MCP AppsSEO improvements
typedoc-plugin-seo.mjs) that:TechArticlefor guides,WebPagefor API reference)CSP_and_CORS.html→csp-and-cors.html)hostedBaseUrlfor sitemap.xml generation and canonical URL tagsdescriptionfrontmatter to all 8 documentation pagesOther