🔮 Sanity Create is here. Writing is reinvented. Try now, no developer setup

Issue with CORS error in accessing a project locally and in the deployed studio.

19 replies
Last updated: May 18, 2022
Hey, I’m trying to access my project locally (the same issue happens in the deployed studio as well) and I keep getting this error. I have added CORS Origins and allowed credentials for the local path, the deployed path, and the wildcard to try and get this working, but it keeps throwing this error.
May 17, 2022, 10:04 PM
Hey User! Are you using any browser extensions that could be interfering with CORS?
May 17, 2022, 10:09 PM
I don’t believe so, my only real browser extension are Vue.js devtools and Google Tag Assistant. I work for a studio with many projects, but this is the only one where it has thrown me this error.
May 17, 2022, 10:11 PM
Can you share what your CORS origins look like in manage?
May 17, 2022, 10:18 PM
yeah for sure, I hid the deployed name for client privacy but aside from that, this is my CORS Origins section:
May 17, 2022, 10:20 PM
I attempted to add the wildcard because internal navigation on the site wasn’t work (was throwing a CORS error) and I thought that might be a way to alleviate it
May 17, 2022, 10:21 PM
but since I have done that, the entire studio now fails to load
May 17, 2022, 10:21 PM
If you run
sanity cors list
in your terminal from the Studio's root folder does it contain the domains you expect?
May 17, 2022, 10:26 PM
Yes, it containse the same values, the deployed studio, the local server, and the wildcard
May 17, 2022, 10:26 PM
Did you happen to remove the your localHost domain and then re-add it?
May 17, 2022, 10:58 PM
Hi User. I love breaking stuff and haven’t been able to recreate this. I might have some good input on your local network settings but want to double check your install method. Did you use a particular starter to get started or use the sanity cli to start a new project?
Here’s a quick shot of my results just now. I created a new directory and ran sanity init inside of it - new project, blog starter - macOS, node v16 (successful):
May 17, 2022, 11:00 PM
This is on a personal account I use, gmail auth. I was already logged into the cli.
May 17, 2022, 11:01 PM
Off the wall question… would you signup email happen to start with
at gmail?
May 17, 2022, 11:06 PM
user M
yes, while trying to fix my initial page navigation cors error, one of my thoughts was to remove and re-add the allowed hosts. After doing this, the studio started completely erroring out.
user U
I also haven’t exactly been able to re-create this haha! The company I work for has many clients that all use sanity as a CMS. We follow the same set up for all of our projects, yet this is the only one that it fails with. Someone else at the company actually initialized and created the studio so I am not entirely sure the steps they went through, but we have a basic starter structure that we mimic for every project and build off of. I personally initialize it on the CLI when I create the studios. And no, the signup email does not start with idco
May 17, 2022, 11:29 PM
hmm 💭 … without digging into your project information, maybe try deleting all CORS entries and re-entering
- make sure there are no spaces.
May 17, 2022, 11:32 PM
I have been playing around with this messy test studio for a while, hosting environments in gitpod, codesandbox, and extra local ports with no issues yet.
May 17, 2022, 11:34 PM
I added http://localhost :* because I saw someone who posted their own support ticket say that it worked for them and that there may be an issue with removing and re-adding CORS origins, and for the time being it has fixed it! Which is great, I can continue to work on the backend of the project!
But in the near future I will have to give our company’s client a link to access it and the deployed link is still not working
May 17, 2022, 11:38 PM
that’s super funky, please follow up if it happens again - maybe there was some mystery character junk or a random spacethat got into your cors config values that wasn’t rendering in the web form.
May 17, 2022, 11:42 PM
After putting 2 and 2 together I just thought to try https://* as a wildcard replacement to get my deployed studio running and that has solved the issue for the time being.
I don’t think there are random characters or anything like that, because they were initially working. When I removed and re-added them, the dates indicating when they were initially added all pointed to the date when they were first added and working as opposed to a new date which I figure it would do if there was some special character or space making the value of the origin different.
May 17, 2022, 11:44 PM
This would be a pretty major security risk, which I’m sure you’re aware.
May 18, 2022, 12:09 AM

Sanity– build remarkable experiences at scale

Sanity is a modern headless CMS that treats content as data to power your digital business. Free to get started, and pay-as-you-go on all plans.

Was this answer helpful?