CORS error with capacitor://localhost URL scheme in Sanity iOS app

Good news! You can absolutely add capacitor://localhost as a CORS origin in Sanity - you just need to use the Sanity CLI to do it, since the management dashboard doesn't support custom protocol schemes like capacitor://.

The solution is straightforward. Run this command in your terminal:

sanity cors add capacitor://localhost

This will add the Capacitor origin scheme to your project's CORS allowlist, which should resolve your 403 errors when fetching Sanity assets from your iOS/Android app.

Why the management dashboard doesn't work for this:

The CORS configuration UI at manage.sanity.io is designed primarily for standard HTTP/HTTPS origins. Custom protocol schemes like capacitor://localhost aren't supported in the web interface, but the CLI handles them just fine.

Alternative approach using Capacitor HTTP plugin:

If you continue to have issues (particularly with the Asset CDN, since CORS settings don't automatically apply there), consider using the @capacitor-community/http plugin instead of standard fetch. This native HTTP plugin bypasses browser CORS restrictions entirely since it makes requests at the native layer rather than through the WebView.

Quick note on security:

While you mentioned using * as a wildcard origin, it's worth keeping the specific capacitor://localhost origin if possible, especially if you're using authentication tokens with the "Allow credentials" option enabled. The CLI approach gives you that precision without compromising security.