✨Discover storytelling in the AI age with Pixar's Matthew Luhn at Sanity Connect, May 8th—register now

Issue with CORS when accessing dataset using @sanity/client in Gatsby app.

5 replies
Last updated: Jul 30, 2020
Morning folks! Having some issues with CORS when trying to access my dataset, specifically from the
@sanity/client.
Following the docs at
https://www.sanity.io/docs/cors and at https://www.sanity.io/docs/js-client , I've setup a small query in my Gatsby react app to retrieve some entries with
useEffect(() => {
    const client = sanityClient({
      projectId: process.env.GATSBY_SANITY_PROJECT_ID,
      dataset: process.env.GATSBY_SANITY_DATASET,
      token: process.env.SANITY_READ_TOKEN,
      useCdn: false
    })
    client.fetch(`*[_type == "portfolioEntry"]{ title }`).then(res => {
      console.log('res', res)
    }).catch(err => {
      console.error('F', err)
    })
  })
However, I receive the response

Access to XMLHttpRequest at 'https://<project-id>.<http://api.sanity.io/v1/data/query/development?query=*%5B_type%20%3D%3D%20%22portfolioEntry%22%5D%7B%20title%20%7D|api.sanity.io/v1/data/query/development?query=*%5B_type%20%3D%3D%20%22portfolioEntry%22%5D%7B%20title%20%7D>' from origin '<http://localhost:8000>' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
Following suggestions online, It said to investigate the allowed CORS origins, and so I made sure to add
https://<project-id>.<http://api.sanity.io|api.sanity.io>

Request works in both Postman and Chromium.
Thanks in advance to anyone that takes the time to give me a hand!
Jul 30, 2020, 3:29 PM
If you go to your project on manage.sanity.io and to Settings &gt; API &gt; CORS Origins, do you see
<http://localhost:8000>
listed as one of the entries? Also, does it have “credentials allowed” switched on in this case?
Jul 30, 2020, 3:46 PM
Yep!
Jul 30, 2020, 3:51 PM
You’d want Allow credentials to be switched on for that one, which right now is not the case - even if the lock would suggest otherwise, sorry about that 😉
Jul 30, 2020, 3:52 PM
😄
Jul 30, 2020, 3:53 PM
Thank you! What a head scratcher. I didn't add that one, it was a default, so I didn't want to mess with it. I appreciate the help!
Jul 30, 2020, 3:53 PM

Sanity– build remarkable experiences at scale

Sanity is a modern headless CMS that treats content as data to power your digital business. Free to get started, and pay-as-you-go on all plans.

Was this answer helpful?