Get help on Discord

Error accessing Sanity studio with Nextjs template, resolved by updating project ID.

3 replies
Last updated: Jun 2, 2023
Hello Everyone, I was hoping someone can point me in the right direction. I am trying to use Sanity studio with my Nextjs template. I have created a project from Sanity.io , got the projectID from the sanity dashboard and added the Project ID to the .env file. all seem Ok but whn I go to the local host: http://localhost:3000/admin . I get redirected to a login page where I see all the providers you can use to log in. whether I choose github or Gmail I am getting this error " You are not authorized to access this studio.Maybe you could ask someone to invite you to collaborate on this project?
If you think this is an error, verify that you are signed in with the correct account. You are currently signed in as <my name - my email> through (google/Github).
I have also invited a project member and gave him an Admin role and I am getting the same error using the newly added member credentials.
AI Update

I can help you solve this authorization issue! This is a common problem when setting up Sanity Studio embedded in Next.js, and it's almost always related to CORS configuration rather than project membership.

The "You are not authorized to access this studio" error occurs because your Studio is running on http://localhost:3000 (embedded in your Next.js app), but this origin hasn't been added to your Sanity project's allowed CORS origins. Even though you're successfully authenticated with Google or GitHub, Sanity blocks the Studio from loading because the domain isn't whitelisted.

Here's how to fix it:

Add localhost to CORS Origins

  1. Go to manage.sanity.io
  2. Select your project
  3. Navigate to SettingsAPICORS Origins
  4. Click Add CORS origin
  5. Add http://localhost:3000 (make sure to include the http:// protocol)
  6. Important: Check the "Allow credentials" checkbox
  7. Save the changes

The "Allow credentials" option is crucial - without it, authenticated requests from your Studio won't work properly, as explained in the CORS Origins documentation.

Why This Happens

When you embed Sanity Studio in a Next.js app (rather than using the standalone Studio), it runs on your Next.js development server. Sanity treats this as a cross-origin request and requires explicit permission through CORS configuration. This is a security feature to prevent unauthorized domains from accessing your project data.

After Deployment

When you deploy your Next.js app to production, you'll need to add your production domain to CORS origins as well (e.g., https://yourdomain.com). Each environment where your Studio runs needs to be explicitly allowed.

The invited member is getting the same error because this isn't actually a permissions issue - it's a CORS configuration issue preventing the Studio from loading at all for anyone on that domain.

Try adding the CORS origin and the error should disappear immediately!

Hi
user A
. It could be that your project ID isn’t updated throughout the project and it’s picking up the ID from the template. Perhaps if you search for 
projectId
and 
PROJECT_ID
across your project, you’ll find a rogue instance of a project ID that’s not yours. Please let us know how that goes.
Hi
user A
, I appreciate the swift reply, I have tried your suggestion and indeed I have found another instance of projectId that wasn't mine. I have changed the id and it is working now. Many thanks for that!
Great! 🎉

Sanity – Build the way you think, not the way your CMS thinks

Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.

Get started for freeExplore the demo

Was this answer helpful?