fix: laravel route domain() doesn't support array

Author: kargnas

README.md

@@ -231,22 +231,36 @@ The MCP protocol also defines a "Streamable HTTP SSE" mode, but this package doe
 
 ### Domain Restriction
 
-You can restrict the MCP server routes to specific domains by configuring the `domain` option in your `config/mcp-server.php` file:
+You can restrict MCP server routes to a specific domain for better security and organization:
 
 ```php
 // config/mcp-server.php
 
-// Allow MCP routes on all domains (default)
+// Allow access from all domains (default)
 'domain' => null,
 
-// Restrict to a specific domain
+// Restrict to a specific domain only
 'domain' => 'api.example.com',
+```
+
+**When to use domain restriction:**
+- Running multiple applications on different subdomains
+- Separating API endpoints from your main application
+- Implementing multi-tenant architectures where each tenant has its own subdomain
+
+**Example scenarios:**
+```php
+// API subdomain only
+'domain' => 'api.myapp.com',
+
+// Admin panel subdomain
+'domain' => 'admin.myapp.com',
 
-// Restrict to multiple domains (using array)
-'domain' => ['api.example.com', 'admin.example.com'],
+// Tenant-specific subdomain
+'domain' => 'tenant1.myapp.com',
 ```
 
-This feature allows you to control which domains can access your MCP server, providing an additional layer of security and flexibility in multi-domain applications.
+> **Note:** This feature uses Laravel's route `domain()` method. For multiple domain support, consider implementing custom middleware instead.
 
 ### Creating and Adding Custom Tools
 

config/mcp-server.php

@@ -81,10 +81,20 @@
     | Domain Restriction
     |--------------------------------------------------------------------------
     |
-    | Specify which domain(s) should load the MCP routes. This can be:
-    | - null: Routes will be registered for all domains (default)
-    | - string: A specific domain name (e.g., 'api.example.com')
-    | - array: Multiple domain names (e.g., ['api.example.com', 'admin.example.com'])
+    | Restrict MCP server routes to a specific domain. This is useful when:
+    | - Running multiple applications on different subdomains
+    | - Separating API endpoints from main application
+    | - Implementing multi-tenant architectures
+    |
+    | Options:
+    | - null: Allow access from all domains (default)
+    | - string: Restrict to a single domain (e.g., 'api.example.com')
+    |
+    | Example:
+    | 'domain' => 'api.example.com',  // Only api.example.com can access MCP routes
+    |
+    | Note: This uses Laravel's route domain() method internally.
+    | For multiple domains, consider using middleware-based restrictions instead.
     |
     */
     'domain' => null,

src/LaravelMcpServerServiceProvider.php

@@ -72,15 +72,18 @@ protected function registerRoutes(): void
         $path = Config::get('mcp-server.default_path');
         $middlewares = Config::get('mcp-server.middlewares', []);
         $domain = Config::get('mcp-server.domain');
-
         $provider = Config::get('mcp-server.server_provider');
 
-        // Create a route registrar with domain configuration if specified
+        // Build route configuration with optional domain restriction
         $router = Route::middleware($middlewares);
-        if ($domain !== null) {
+        
+        // Apply domain restriction if configured
+        // This ensures MCP routes are only accessible from the specified domain
+        if ($domain !== null && is_string($domain)) {
             $router = $router->domain($domain);
         }
 
+        // Register provider-specific routes
         if ($provider === 'sse') {
             $router->get("{$path}/sse", [SseController::class, 'handle']);
             $router->post("{$path}/message", [MessageController::class, 'handle']);