Back to Rivet

Cross-Origin Resource Sharing

website/src/content/docs/general/cors.mdx

2.3.3826 B
Original Source

Unlike stateless HTTP APIs that use CORS headers, Rivet Actors are stateful and support persistent WebSocket connections. Since WebSockets don't natively support CORS, we validate origins manually in the onBeforeConnect hook before connections may open.

Implementing Origin Restrictions

To implement origin restrictions on Rivet Actors, use the onBeforeConnect hook to verify the request.

<CodeSnippet file="examples/docs/general-cors/server.ts" title="server.ts" />

To catch the error on the client, use the following code:

<CodeSnippet file="examples/docs/general-cors/client.ts" title="client.ts" /> <Note> See tracking issue for [configuring CORS per-actor on the gateway](https://github.com/rivet-dev/rivet/issues/3539) that will remove the need to implement origin restrictions in `onBforeRequest`. </Note>