Issue with CORS policy when adding a token to a web application

2 replies

Last updated: Nov 6, 2023

Hi everyone,I've created a token to be able to use the create function inside my web application. However, when I add the token value in the createClient. Everything stops working. I had a blog setup previously only using projectId, but when I add the token it gives me the following error:

Access to XMLHttpRequest at 'URL_HERE' from origin '<http://localhost:3000>' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute

I have added CORS policy for localhost:3000, it was working just fine before I started using the token.

Any ideas on how I can go about fixing this?

Nov 6, 2023, 2:52 PM

There’s a flag to allow credentials when you set your CORS origin. Given you’re now using a token, it sounds like you still need to toggle that setting.

Nov 6, 2023, 2:56 PM

Ah yes. Just tired it out and it's working now.
Thank you very much for the help!

Nov 6, 2023, 3:52 PM

Sanity– build remarkable experiences at scale

Sanity is a modern headless CMS that treats content as data to power your digital business. Free to get started, and pay-as-you-go on all plans.

Get started for free Explore the demo

Platform

Features

Use cases

Integrations

Learn

Build and share

Frameworks

Discover

Case studies

Popular guides

Issue with CORS policy when adding a token to a web application

Sanity– build remarkable experiences at scale

Was this answer helpful?