CORS Error: No Access-Control-Allow-Origin Header in React App with Sanity

3 replies

Last updated: Sep 5, 2022

Hi, sorry I'm still having a CORS error (No-access-control-origin header is present) in my local environment that I can't fix, so data isn't being connected from Sanity to my react app. I've updated my images and code, here is a list of 10 images showing errors, code, file directory etc (with a quick description for each). Wasn't entirely sure what to include. Been stuck on this issue for a week now and I have a deadline coming up so super appreciate any help!

AI Update

I can help you fix this CORS error! This is a common issue when connecting Sanity to React apps. Let me walk you through the solution step by step.

The "No 'Access-Control-Allow-Origin' header is present" error means your React app's domain isn't authorized to access your Sanity project's data. Here's how to fix it:

Add Your Domain to CORS Origins

Go to manage.sanity.io
Select your project
Navigate to Settings → API → CORS Origins
Click "Add CORS origin"
Add your local development URL exactly as it appears in your browser (including the protocol):
- http://localhost:3000 (for typical React apps)
- http://localhost:5173 (for Vite)
- http://localhost:8000 (for Gatsby)
- Or whatever port your app runs on
Important: Check the "Allow credentials" checkbox if you're using any authentication token in your Sanity client configuration

Critical Details

Protocol matters: http://localhost:3000 and https://localhost:3000 are different origins. Make sure you add the exact URL showing in your browser's address bar.

Port number matters: localhost:3000 is different from localhost:3001. Check which port your React app actually runs on.

Common Configuration Issues

If you're using a token with your Sanity client, your configuration should look like this:

import {createClient} from '@sanity/client'

const client = createClient({
  projectId: 'your-project-id',
  dataset: 'production',
  useCdn: false, // set to false for development
  apiVersion: '2024-01-01',
  token: 'your-token', // only if needed
})

Important: If you have a token in your client config, you must enable "Allow credentials" for that CORS origin in the management dashboard. This is the most common mistake that causes CORS errors even after adding the origin.

Additional Troubleshooting

Clear your browser cache after adding the CORS origin
Restart your React dev server after making changes
Double-check your projectId and dataset in your client configuration
For production deployment, you'll need to add your production domain (like https://yourdomain.com) as a separate CORS origin

Asset-Specific CORS Issues

Note that CORS settings in the management dashboard apply to the Data API but not automatically to the Asset CDN. If you're specifically having issues fetching assets (images, files), that may require additional configuration.

Since you've been stuck on this for a week with a deadline approaching, I'd recommend starting fresh with these exact steps. The solution is almost always that the origin isn't added correctly or the "Allow credentials" checkbox isn't enabled when using tokens. Make sure you're using client.fetch() correctly with your Authorization header if you have a token, and verify the exact localhost URL and port your React app is running on!

Show original thread

3 replies

Hi Ciar. When you go to sanity.io/manage , select this project, and select the API tab, what do you see under CORS origins?

Or, if you’d prefer not to share it, make sure

<http://localhost:3000>

is there (and not

https

Hi Geoff, thanks for responding, that fixed it!

Sanity – Build the way you think, not the way your CMS thinks

Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.

Get started for free Explore the demo