Trouble connecting project to backend, wrong dataset used, advice on token security
11 replies
Last updated: Sep 9, 2022
S
I'm having a hard time connecting my project to my backend. I put content into my Sanity backend, created a token, and added my application localhost to the CORS. When I inspect my application terminal, I have arrays, but they're empty. I'm also getting an uncaught error. I don't believe I set up my client page wrong. I set the token as an environmental paramotor
import sanityClient from '@sanity/client';
export const client = sanityClient({
projectId: 'lj43vq66',
dataset: 'production',
apiVersion: '2022-03-10',
useCdn: false,
token: process.env.NEXT_PUBLIC_SANITY_TOKEN,
});Sep 7, 2022, 10:43 PM
Hi User. Perhaps double-check that the dataset you’ve configured in your client is the one you want.
Sep 7, 2022, 10:46 PM
S
Like making sure the token is for the right project?
Sep 7, 2022, 10:51 PM
Rather, that
productionis the correct dataset.
Sep 7, 2022, 10:51 PM
S
I do have two datsets in the project.
production&
sanity-back. Sanity-back is set to private. If I switched datasets, would I need to change that?
Sep 7, 2022, 10:55 PM
The one you specify when you configure
clientis what it will try to source from. If
sanity-backis the one you’re using, you’d want to change your config to
dataset: 'sanity-back'.
Sep 7, 2022, 10:57 PM
S
Apparently I was working in the wrong dataset. Is there a simple way to change the data over
Sep 7, 2022, 11:03 PM
To actually move data, you could follow either of the methods here . If you want to source from the other dataset, you can change your reference to it on your front end (i.e., as we discussed) and in your sanity.json file in your studio.
Sep 7, 2022, 11:08 PM
S
I'm on it. Thank you!
Sep 7, 2022, 11:19 PM
K
Side note, you might want to avoid making your token public to your client-side code since it comes with elevated privileges. If you’re using Next.js, the typical recommendation is to use the client on the server or at build time but not in the frontend.
Sep 8, 2022, 6:49 AM
S
I thought that by setting it as an environmental I'd be safe. My front end is set up in three different folders. If I define my token outside of those folders in the root. is that okay?
Sep 8, 2022, 10:15 PM
K
Well “safe” is a relative word. Making it an environment variable is a good idea in theory, but considering environment variables prefixed with
So you can still use an environment variable, this is good. Just remove the prefix so it never makes its way to the client. This way you use it only on the server or at build time, where it is in fact safe.
NEXT_PUBLIC_are exposed in JavaScript bundles, the entire notion of safety goes out the window. 🙂
So you can still use an environment variable, this is good. Just remove the prefix so it never makes its way to the client. This way you use it only on the server or at build time, where it is in fact safe.
Sep 9, 2022, 6:28 AM
Sanity– build remarkable experiences at scale
Sanity is a modern headless CMS that treats content as data to power your digital business. Free to get started, and pay-as-you-go on all plans.