Get help on Discord

CORS error persists despite adding origins and allowing credentials

19 replies
Last updated: Nov 29, 2025
Hey, I’m trying to access my project locally (the same issue happens in the deployed studio as well) and I keep getting this error. I have added CORS Origins and allowed credentials for the local path, the deployed path, and the wildcard to try and get this working, but it keeps throwing this error.
AI Update

I can help you troubleshoot this CORS issue! Based on the error you're experiencing, here are the most common causes and solutions:

Check Your CORS Configuration

First, verify your CORS settings in the Sanity Management Dashboard:

  1. Go to your project at manage.sanity.io
  2. Navigate to Settings > API > CORS Origins
  3. Make sure you've added the exact origin URLs including the protocol

Common Mistakes to Avoid

Protocol Matters: The most frequent issue is a protocol mismatch. Make sure you're adding:

  • http://localhost:3000 (not https://localhost:3000) for local development
  • The exact port number you're using locally
  • https://your-domain.com (not http://) for your deployed site

Enable "Allow Credentials": If you're using authentication tokens with your Sanity client, you must check the "Allow credentials" checkbox for each origin. This is required when the Access-Control-Allow-Credentials header needs to be set to 'true'.

Specific Things to Try

  1. Remove the wildcard - Wildcards can sometimes cause issues. Instead, add each specific origin explicitly
  2. Check for trailing slashes - Don't include trailing slashes in your CORS origins (use http://localhost:3000, not http://localhost:3000/)
  3. Clear browser cache - CORS settings can be cached by your browser. Try hard-refreshing or opening in an incognito window
  4. Verify the exact error - Check your browser console for the specific CORS error message, as it will tell you which origin is being blocked

Studio-Specific Consideration

If you're accessing Sanity Studio itself (not just querying data), remember that:

  • The hosted Studio at yourproject.sanity.studio shouldn't need CORS configuration
  • If you're running sanity dev locally, CORS shouldn't typically apply to the Studio interface itself, only to API requests from other origins

Asset CDN Limitation

One important note: CORS settings configured in the Management Dashboard apply to the Data API but not to the Asset CDN. If you're trying to fetch assets directly from the browser, you may encounter separate CORS restrictions.

The exact error message from your browser console would help narrow down whether it's an origin mismatch, credentials issue, or something else. Look for messages like "No 'Access-Control-Allow-Origin' header is present" (origin not added) or "Access-Control-Allow-Credentials' header must be 'true'" (credentials not enabled).

Show original thread
19 replies

Sanity – Build the way you think, not the way your CMS thinks

Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.

Get started for freeExplore the demo

Was this answer helpful?