
Based on your error message, the issue is that you need to enable the "Allow credentials" checkbox for your CORS origin in your Sanity project settings. When you add a token to your createClient configuration, the Sanity client automatically includes credentials with requests, which requires this setting to be enabled.
Here's how to fix it:
http://localhost:3000 origin in the list

The error you're seeing happens because when you add a token to createClient, the client sets withCredentials: true on its requests. This requires the server (Sanity) to respond with Access-Control-Allow-Credentials: true, which only happens when you've enabled the "Allow credentials" option for that specific origin.
Without the token, your requests were working fine because they didn't need credentials. Once you added the token, the browser started sending credentialed requests, which are subject to stricter CORS policies.
Important note: Make sure you've added the complete origin including the protocol (http://localhost:3000, not just localhost:3000). The origin must match exactly, including the port number.
For production, you'll need to do the same thing - add your production domain to CORS origins with "Allow credentials" enabled if you're using tokens in the browser.
As mentioned in the Sanity CORS documentation, this is a security feature to protect your content, so only add domains you trust and control.
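The check described above can be modelled in a few lines. This is an added example, not part of the original answer and not Sanity's code: the allowlist shape, the function names and the example.com origin are assumptions, and it shows a per-origin allowlist on the server side next to the comparison a browser makes before exposing a cross-origin response.

```javascript
// Added example: a per-origin CORS allowlist and the browser-side check.
// Allowlist shape and function names are hypothetical, not Sanity's code.
const allowlist = [
  { origin: "http://localhost:3000", allowCredentials: false }, // constructed
  { origin: "https://www.example.com", allowCredentials: true }, // constructed
];

// Server side: build CORS response headers for the request's Origin header.
function corsHeadersFor(requestOrigin, entries) {
  // Exact string match: scheme, host and port must all agree.
  const entry = entries.find((e) => e.origin === requestOrigin);
  if (!entry) return {}; // unknown origin: no CORS headers at all
  const headers = {
    "access-control-allow-origin": entry.origin,
    vary: "Origin", // response differs per origin, so caches must key on it
  };
  if (entry.allowCredentials) {
    headers["access-control-allow-credentials"] = "true";
  }
  return headers;
}

// Browser side: is the response exposed to the calling script?
function browserAccepts(pageOrigin, withCredentials, headers) {
  const acao = headers["access-control-allow-origin"];
  if (acao === undefined) return false;
  if (!withCredentials) return acao === "*" || acao === pageOrigin;
  // Credentialed request: a wildcard is not accepted, and
  // Access-Control-Allow-Credentials must be exactly "true".
  return (
    acao === pageOrigin &&
    headers["access-control-allow-credentials"] === "true"
  );
}

// Run one request through both sides.
function check(pageOrigin, withCredentials, entries = allowlist) {
  const headers = corsHeadersFor(pageOrigin, entries);
  return browserAccepts(pageOrigin, withCredentials, headers);
}

console.log("no token:", check("http://localhost:3000", false));
console.log("token added:", check("http://localhost:3000", true));
```
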