Get help on Discord

CORS error loading SVG from Sanity CDN inline with external-svg-loader

12 replies
Last updated: Jan 28, 2026
Hi everyone 👋I’m a designer trying my hands on a simple
Sanity solution for a next.js one-pager. I’m trying to use svg-assets uploaded through sanity studio in combination with external-svg-loader . The goal is to load the SVGs inline and control the colors with CSS. However, this only results in a CORS-error which is a bit too technical for me:

Access to fetch at '<https://cdn.sanity.io/images/xxxxxxxx/production/xxxxxxx-800x600.svg>' from origin '<http://localhost:3000>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Can anyone point me in the right direction for solving this
🙂 Or is my thinking and approach for loading svgs hosted at a CDN inline wrong?
---
Edit:
user H
has provided me with a few alternative solutions that will work by editing the SVGs or pasting the SVG code in text fields. Is there no way to solve the CORS-error so the editors only need to upload an svg?
AI Update

The CORS issue you're experiencing is actually expected behavior when trying to fetch SVGs from Sanity's CDN for inline manipulation. The good news is there's a straightforward solution!

The Solution: Add Your Origin to CORS Settings

You need to add your localhost (and later your production domain) to Sanity's CORS allowed origins. You can do this in two ways:

Option 1: Via CLI (Recommended)

sanity cors add http://localhost:3000

Option 2: Via Sanity Manage Dashboard Go to manage.sanity.io, select your project, and add http://localhost:3000 to the CORS origins list. Note that credentials are not needed for these origins when loading assets.

Once you've added your origin, external-svg-loader should work perfectly! The Sanity Asset CDN does support CORS for cross-domain asset access - you just need to explicitly allow your domain.

Why This Happens:

The Sanity CDN (cdn.sanity.io) requires origins to be explicitly whitelisted for security reasons. By default, it blocks cross-origin fetch requests unless your domain is in the allowed list. This is standard security practice for CDNs.

Important: Remember to add your production domain(s) to the CORS origins before deploying! For example:

sanity cors add https://yourdomain.com

Alternative Approaches (If You Need Them):

If for some reason you can't modify CORS settings or need more control, you could:

  1. Fetch via Next.js API Route - Create a proxy endpoint that fetches the SVG server-side (where CORS doesn't apply) and serves it to your frontend
  2. Use Sanity's Image URL Builder - Fetch the SVG programmatically and insert it inline yourself using standard fetch

But honestly, just adding your origin to CORS is the simplest solution and exactly what this use case calls for. Your editors can continue uploading SVGs normally through Sanity Studio, and you can manipulate them with CSS as intended! 🎉

Show original thread
12 replies

Sanity – Build the way you think, not the way your CMS thinks

Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.

Get started for freeExplore the demo

Was this answer helpful?