Get help on Discord

SVG-Loading - CORS-Error

12 replies
Last updated: Nov 23, 2021
Hi everyone 👋I’m a designer trying my hands on a simple
Sanity solution for a next.js one-pager. I’m trying to use svg-assets uploaded through sanity studio in combination with external-svg-loader . The goal is to load the SVGs inline and control the colors with CSS. However, this only results in a CORS-error which is a bit too technical for me:

Access to fetch at '<https://cdn.sanity.io/images/xxxxxxxx/production/xxxxxxx-800x600.svg>' from origin '<http://localhost:3000>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Can anyone point me in the right direction for solving this
🙂 Or is my thinking and approach for loading svgs hosted at a CDN inline wrong?
---
Edit:
user H
has provided me with a few alternative solutions that will work by editing the SVGs or pasting the SVG code in text fields. Is there no way to solve the CORS-error so the editors only need to upload an svg?
AI Update

The CORS issue you're experiencing is actually expected behavior when trying to fetch SVGs from Sanity's CDN for inline manipulation. The good news is there's a straightforward solution!

The Solution: Add Your Origin to CORS Settings

You need to add your localhost (and later your production domain) to Sanity's CORS allowed origins. You can do this in two ways:

Option 1: Via CLI (Recommended)

sanity cors add http://localhost:3000

Option 2: Via Sanity Manage Dashboard Go to manage.sanity.io, select your project, and add http://localhost:3000 to the CORS origins list. Note that credentials are not needed for these origins when loading assets.

Once you've added your origin, external-svg-loader should work perfectly! The Sanity Asset CDN does support CORS for cross-domain asset access - you just need to explicitly allow your domain.

Why This Happens:

The Sanity CDN (cdn.sanity.io) requires origins to be explicitly whitelisted for security reasons. By default, it blocks cross-origin fetch requests unless your domain is in the allowed list. This is standard security practice for CDNs.

Important: Remember to add your production domain(s) to the CORS origins before deploying! For example:

sanity cors add https://yourdomain.com

Alternative Approaches (If You Need Them):

If for some reason you can't modify CORS settings or need more control, you could:

  1. Fetch via Next.js API Route - Create a proxy endpoint that fetches the SVG server-side (where CORS doesn't apply) and serves it to your frontend
  2. Use Sanity's Image URL Builder - Fetch the SVG programmatically and insert it inline yourself using standard fetch

But honestly, just adding your origin to CORS is the simplest solution and exactly what this use case calls for. Your editors can continue uploading SVGs normally through Sanity Studio, and you can manipulate them with CSS as intended! 🎉

I had the exact use case, didn't knew this plugin. I manually changed color and re-uploaded.
For another project, I added an option to copy-paste SVG code instead of image, so I can get it using dangerouslySetHTML
Thanks
user H
, I hope to keep it simple for the editors to upload new or change the SVG-illustrations. However it’s good to know there are a few different approaches, eventhough they seem a bit more cumbersome 👍
I hope sanity provides an option to render SVG as raw.
You can add the origin to your project and it should work, I believe?
sanity cors add <http://localhost:3000>
Thanks
user Z
, I’ll try that. Is this the same as setting cors origins through the sanity manage project-dashboard?
Yep (credentials are not needed for these origins)
user Z
Is SVG Raw format something Sanity considered? There are so many benefits of including &lt;svg&gt; inline instead of &lt;img src&gt;.
I'm not sure I understand what that entails? Getting the contents of the file through a GROQ query?
Hm, 
sanity cors add <http://localhost:3000>
didn’t seem to help. I still get the same CORS-error when trying to load the svg’s inline.
My bad, I managed to add the wrong URL. It works perfectly now. Thanks for the help
user Z
:party_parrot:
user Z
Here's an example: Editors uploads an SVG icon, Its in black color. Using it in frontend as &lt;img src=""&gt; we have no way to change the SVG Color or other properties. But if sanity provides an option to fetch the actual &lt;svg&gt; code, we can use that along with "currentColor" to change the icon COLOR.
Make sense?

I have experienced this issue in my last 2 projects and 1 ongoing project. So this is something many people would love too..
You can do that if you set up a CORS origin as above and fetching it using XHR/fetch.
I
guess it would be cool to fetch it through GROQ, but there's some implications of that. SVGs can potentially be megabytes in size after all.
yeah a GROQ function would be awesome. Even if the size is big, normal rendering will also take same size as Sanity currently does not compress SVG

Sanity – Build the way you think, not the way your CMS thinks

Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.

Get started for freeExplore the demo

Was this answer helpful?