
chore: fix cors for envoys#4720

Draft
NathanFlurry wants to merge 1 commit into 04-23-chore_fix_serverless from 04-23-chore_fix_cors_for_envoys

Conversation

@NathanFlurry
Member

Description

Please include a summary of the changes and the related issue. Please also include relevant motivation and context.

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

Member Author

NathanFlurry commented Apr 24, 2026

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.

This stack of pull requests is managed by Graphite.

@claude

claude Bot commented Apr 24, 2026

Review: chore: fix cors for envoys

Overall: Good architectural direction -- centralizing CORS at the guard routing layer rather than in each gateway implementation is cleaner, avoids duplication, and ensures auth error responses carry CORS headers (the key bug being fixed). The lifetime/ownership fixes for the target string are also correct.


Security: allow_credentials: true + allow_origin: "*" fallback

File: engine/packages/guard/src/routing/pegboard_gateway/cors.rs

If a request arrives without an Origin header, origin_header() returns "*" and set_non_preflight_cors will emit Access-Control-Allow-Origin: * combined with Access-Control-Allow-Credentials: true. The CORS spec explicitly forbids this combination -- browsers reject credentialed responses with a wildcard origin. In practice, browser CORS requests always include Origin, so the "*" fallback is only reached by non-browser clients where CORS doesn't apply. The behavior is harmless in practice, but the server is emitting a technically invalid CORS configuration that could confuse intermediary caches or reverse proxies. Consider omitting CORS headers entirely when Origin is absent, or at minimum not setting allow_credentials: true for the wildcard case.

The same unwrap_or("*") pattern in CorsPreflight::handle_request produces a preflight response of Access-Control-Allow-Origin: * + Access-Control-Allow-Credentials: true, which browsers will also reject.


OPTIONS check ordering in route_request_path_based

File: engine/packages/guard/src/routing/pegboard_gateway/mod.rs

The OPTIONS intercept comes after parse_actor_path, so a preflight request to a path that does not conform to the actor-path format falls through this handler entirely. For header-based routing (route_request), the OPTIONS check correctly appears before any header parsing. If any path that browsers preflight will not pass parse_actor_path, it will silently not receive a CORS preflight response. Worth confirming this ordering is intentional.


Origin read inconsistency in CorsPreflight

CorsPreflight::handle_request reads the origin from the raw req: Request<...> parameter, while set_non_preflight_cors reads it from req_ctx via origin_header(req_ctx). They access the same underlying headers and should be equivalent today, but origin_header is not the single source of truth. Consider refactoring CorsPreflight to extract the origin via req_ctx too, or at least add a comment explaining why the raw request is used there.


expose_headers: "*" with allow_credentials: true

Per the Fetch spec, the "*" wildcard for Access-Control-Expose-Headers is not treated as a wildcard for credentialed responses -- it is matched literally as a header named "*". All modern browsers now implement the 2020 amendment and handle this correctly in practice, so this is a spec-compliance note rather than a live bug. Worth confirming that wildcard expose-headers with credentials is acceptable for your target environments.


Observation: envoy routing has no CORS handling

engine/packages/guard/src/routing/envoy.rs does not set CORS headers and does not intercept OPTIONS. This appears intentional (envoy connections are actor-to-engine, not browser-initiated), but worth confirming no browser client ever hits /envoys/connect.


Test coverage

No new tests accompany these changes. Given that CORS mis-configuration is a common source of hard-to-debug browser regressions, even a simple integration test asserting that OPTIONS returns 204 with the expected headers and that non-OPTIONS responses include Access-Control-Allow-Origin would be valuable before this merges.


Summary:

| Priority | Issue |
|---|---|
| Fix before merging | allow_credentials: true + allow_origin: "*" in the no-Origin-header fallback (spec violation, could confuse caches) |
| Worth confirming | OPTIONS ordering after parse_actor_path in route_request_path_based |
| Nice to have | Consolidate origin extraction into origin_header() inside CorsPreflight |
| Low priority | expose_headers: "*" + credentials spec note |
| Nice to have | Test coverage for CORS preflight and non-preflight behavior |
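The Origin fallback the review flags, modelled as an added example (not code from the rivet repository or the reviewer): the reviewed pattern that turns a missing Origin into "*" while still sending Allow-Credentials: true sits beside a hardened variant that emits no CORS headers when Origin is absent, plus the spec check an integration test could assert on. The header set and the method list are constructed for illustration, not the gateway's real allow-list.

```rust
// Added example (not code from the rivet repository): models the Origin-header
// fallback the review flags. `origin` is the request's Origin header, if present.
#[derive(Debug, PartialEq)]
pub struct CorsResponse {
    pub status: u16,
    pub headers: Vec<(&'static str, String)>,
}

fn build(origin: String, preflight: bool) -> CorsResponse {
    let mut headers = vec![
        ("Access-Control-Allow-Origin", origin),
        ("Access-Control-Allow-Credentials", "true".to_string()),
        ("Vary", "Origin".to_string()),
    ];
    if preflight {
        // Constructed method list; the real allow-list is whatever the gateway serves.
        headers.push(("Access-Control-Allow-Methods", "GET, POST, OPTIONS".to_string()));
        headers.push(("Access-Control-Max-Age", "86400".to_string()));
    }
    CorsResponse { status: if preflight { 204 } else { 200 }, headers }
}

/// The pattern under review: a missing Origin becomes "*" while
/// Allow-Credentials: true is still sent. Browsers reject that pairing.
pub fn cors_with_wildcard_fallback(origin: Option<&str>, preflight: bool) -> CorsResponse {
    build(origin.unwrap_or("*").to_string(), preflight)
}

/// Hardened variant suggested by the review: no Origin means a non-browser
/// client, so emit no CORS headers at all; a present Origin is echoed back
/// (with Vary: Origin so caches key on it) and credentials stay allowed.
pub fn cors_hardened(origin: Option<&str>, preflight: bool) -> CorsResponse {
    match origin {
        None => CorsResponse { status: if preflight { 204 } else { 200 }, headers: vec![] },
        Some(o) => build(o.to_string(), preflight),
    }
}

fn header<'a>(resp: &'a CorsResponse, name: &str) -> Option<&'a str> {
    resp.headers.iter().find(|(n, _)| *n == name).map(|(_, v)| v.as_str())
}

/// Spec check from the review: "*" in Allow-Origin must never be paired with
/// Allow-Credentials: true. Usable as the assertion in an integration test.
pub fn violates_credentialed_wildcard(resp: &CorsResponse) -> bool {
    header(resp, "Access-Control-Allow-Origin") == Some("*")
        && header(resp, "Access-Control-Allow-Credentials") == Some("true")
}
```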

@github-actions
Contributor

github-actions Bot commented Apr 24, 2026

Preview packages published to npm

Install with:

npm install rivetkit@pr-4720

All packages published as 0.0.0-pr.4720.878b7fb with tag pr-4720.

Engine binary is shipped via @rivetkit/engine-cli on linux-x64-musl, linux-arm64-musl, darwin-x64, and darwin-arm64. Windows users should use the release installer or set RIVET_ENGINE_BINARY.

Docker images:

docker pull rivetdev/engine:slim-878b7fb
docker pull rivetdev/engine:full-878b7fb

Individual packages

npm install rivetkit@pr-4720
npm install @rivetkit/react@pr-4720
npm install @rivetkit/rivetkit-napi@pr-4720
npm install @rivetkit/workflow-engine@pr-4720
