CORS Origins wildcard subdomain configuration not working

I can see what's happening here! The issue is that Sanity's CORS Origins configuration doesn't support wildcard patterns for subdomains like https://*.HOSTNAME.se. You need to add each specific subdomain individually.

Based on the CORS Origins documentation, here's what you need to know:

Why wildcards don't work: Sanity requires you to explicitly whitelist each complete domain with its full protocol. This is a security best practice to prevent unauthorized access to your content.

What you need to do: For your address https://canary.www.HOSTNAME.se, you need to add the exact, complete URL to your CORS origins:

1. Go to manage.sanity.io
2. Select your project
3. Navigate to Settings → API → CORS Origins
4. Click "Add CORS origin"
5. Enter the complete URL: https://canary.www.HOSTNAME.se
6. If you're using authentication tokens with your Sanity client, make sure to check the "Allow credentials" box
7. Save

For multiple domains: If you have several subdomains (like canary.www.HOSTNAME.se, staging.www.HOSTNAME.se, production.www.HOSTNAME.se), you'll need to add each one individually as a separate CORS origin entry. It's a bit more manual work, but it provides better security control over which domains can access your Sanity project.

Important note: The protocol matters! http:// and https:// are treated as different origins, so make sure you're adding the exact protocol you're using.

If you're still getting CORS errors after adding the exact domain, double-check that:

• There are no typos in the URL
• The protocol matches exactly (https vs http)
• You've enabled "Allow credentials" if you're using authentication tokens
• You've waited a moment for the changes to propagate (usually instant, but can take a few seconds)