🔮 Sanity Create is here. Writing is reinvented. Try now, no developer setup

Issue with CORS policy when adding a token to a web application

2 replies
Last updated: Nov 6, 2023
Hi everyone,I've created a token to be able to use the create function inside my web application. However, when I add the token value in the createClient. Everything stops working. I had a blog setup previously only using projectId, but when I add the token it gives me the following error:


Access to XMLHttpRequest at 'URL_HERE' from origin '<http://localhost:3000>' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute
I have added CORS policy for localhost:3000, it was working just fine before I started using the token.

Any ideas on how I can go about fixing this?
Nov 6, 2023, 2:52 PM
There’s a flag to allow credentials when you set your CORS origin. Given you’re now using a token, it sounds like you still need to toggle that setting.
Nov 6, 2023, 2:56 PM
Ah yes. Just tired it out and it's working now.
Thank you very much for the help!
Nov 6, 2023, 3:52 PM

Sanity– build remarkable experiences at scale

Sanity is a modern headless CMS that treats content as data to power your digital business. Free to get started, and pay-as-you-go on all plans.

Was this answer helpful?