Can I Control CORS Settings for the Asset CDN?

5 replies
Last updated: Sep 27, 2022
Hi everyone. Is it possible to control CORS settings for the Asset CDN (not the data API)? I would like to upload GeoJSON files as part of my schema and fetch them from my front-end, but at the moment can’t do so due to crossdomain/CORS restriction. Any advice much appreciated. Thanks!
AI Update

Great question about Asset CDN CORS! You've hit a known limitation with Sanity's infrastructure.

The Asset CDN CORS Limitation

According to the CORS Origins documentation, the CORS settings you configure in your Management Dashboard (Settings > API > CORS Origins) apply to the Data API but do not automatically apply to the Asset CDN. This is why you're encountering CORS restrictions when trying to fetch your GeoJSON files directly from the browser—even if you've properly configured CORS for your Data API access.

Recommended Solutions

1. Use Sanity Functions (Best Option)

Sanity Functions are the modern, recommended approach for this scenario. They're serverless functions that run on Sanity's infrastructure and can fetch your asset server-side (where CORS doesn't apply), then serve it to your frontend with proper headers.

Here's the general approach:

  • Create a Function that fetches the asset URL server-side
  • Have it return the GeoJSON data with appropriate CORS headers
  • Call this Function endpoint from your frontend instead of hitting the Asset CDN directly

Benefits: No external hosting needed, automatic scaling, stays within the Sanity ecosystem, and you control the response headers completely.

2. Store GeoJSON as Structured Data

For smaller GeoJSON files, consider storing the JSON directly in your document schema instead of as file assets. You can use an object or json field type to store the GeoJSON structure directly in your documents.

Then query it normally with GROQ through the Data API—where your CORS settings work perfectly. This approach works well if:

  • Your GeoJSON files aren't too large
  • You want to query or filter based on geographic data
  • You need the data to be part of your content model

3. Proxy Through Your Own Backend

If you already have a backend server, you can create an endpoint that fetches from the Asset CDN and serves to your frontend. Server-to-server requests don't have CORS restrictions, so your backend can fetch the GeoJSON and add appropriate headers for your frontend.

4. Download Parameter Workaround

While not ideal for programmatic fetching, you can use the ?dl query parameter on asset URLs to trigger downloads, though this is more suited for user-initiated downloads rather than JavaScript fetch operations.

Why Functions Are Preferred

For your use case of fetching GeoJSON dynamically, Sanity Functions provide the cleanest solution—they give you full control over headers, don't require external infrastructure, and integrate natively with your Sanity project. The Asset CDN is optimized for direct media delivery (images, videos), while Functions are purpose-built for these kinds of content transformation and delivery scenarios.

Hope this helps! Let me know which approach you end up going with.
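
A backend proxy like option 3 above has two checks worth getting right: which URLs it will fetch, and which origins receive a CORS header. The following is an added example for Node 18+, not code from this thread or from Sanity; the allowed origin, the `exampleproj` project id, the `production` dataset and the `cdn.sanity.io/files/...` URL layout are assumptions to replace with your own values.

```javascript
// Added example: policy checks for a backend proxy in front of the Asset CDN.
// Assumptions: the origin list, project id and dataset below are placeholders.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);
const ASSET_HOST = 'cdn.sanity.io';
const ASSET_PREFIX = '/files/exampleproj/production/';

// Accept only HTTPS .geojson file URLs for this project on the asset host,
// so the endpoint cannot be pointed at arbitrary or internal addresses.
function validateAssetUrl(raw) {
  let u;
  try { u = new URL(raw); } catch { return null; }
  if (u.protocol !== 'https:' || u.hostname !== ASSET_HOST) return null;
  if (u.username || u.password || u.port) return null;
  if (!u.pathname.startsWith(ASSET_PREFIX)) return null;
  const name = u.pathname.slice(ASSET_PREFIX.length);
  if (!/^[A-Za-z0-9._-]+\.geojson$/.test(name)) return null;
  u.search = '';
  u.hash = '';
  return u;
}

// Echo the Origin only when it is on the allowlist, and send Vary: Origin
// so shared caches keep per-origin responses apart.
function corsHeaders(origin) {
  const headers = { Vary: 'Origin' };
  if (origin && ALLOWED_ORIGINS.has(origin)) {
    headers['Access-Control-Allow-Origin'] = origin;
  }
  return headers;
}

// Node http-style handler: GET /?url=<asset URL>. fetchImpl is injectable for tests.
async function handle(req, res, fetchImpl = fetch) {
  const asked = new URL(req.url, 'http://localhost').searchParams.get('url');
  const target = validateAssetUrl(asked || '');
  const headers = corsHeaders(req.headers.origin);
  if (!target) { res.writeHead(400, headers); return res.end('bad asset url'); }
  // Refuse redirects so the upstream cannot bounce the request elsewhere.
  const upstream = await fetchImpl(target, { redirect: 'error' });
  if (!upstream.ok) { res.writeHead(502, headers); return res.end('upstream error'); }
  const body = Buffer.from(await upstream.arrayBuffer());
  res.writeHead(200, { ...headers, 'Content-Type': 'application/geo+json',
    'X-Content-Type-Options': 'nosniff' });
  res.end(body);
}
// To serve: require('node:http').createServer(handle).listen(8787);
```
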

You can't set a CORS domain for the Asset CDN without also setting it for the other Sanity APIs, unfortunately.
Thanks for the reply – that would actually be fine, is it possible (by adding a CORS origin to the data API settings)? I can’t see any CORS headers on asset URL responses at the moment, and I do have a couple of origins configured in the management dashboard 😞
Just found an old issue where someone else is asking about this. If there’s any way to accomplish this I’d love to hear it! For clarity, anything that modifies CORS headers on the Data API as well is fine, but it does appear that the CORS settings in the control panel affect only the Data API and there’s no way to specify CORS origins for the Asset API.
I'll ask internally if there's any follow up for that issue.
Thank you! 🙏
