Get help on Discord

Google Auth Redirect to Localhost Failing in Sanity CLI Setup

5 replies
Last updated: Dec 1, 2025
Hello all! I'm having trouble setting up my first Sanity app because there seems to be an issue with authenticating via Google; it re-directs me to this localhost URL (
<https://localhost:4321/callback/xxxxx>
) after completing and doesn't authenticate me via CLI. I seem to be at an impasse for getting my project set up; is anyone able to assist?
AI Update

This is a known issue that's typically caused by HSTS (HTTP Strict Transport Security) settings in your browser forcing https:// for localhost when the CLI callback expects http://. The good news is there are several solutions!

Quick Solutions

Option 1: Use Incognito/Private Browsing (Fastest) Simply opening the login in an incognito/private browser window often resolves this immediately since it bypasses HSTS policies. This is the quickest way to get unblocked and continue with your setup.

Option 2: Clear HSTS Settings for Localhost If you're using Chrome or a Chromium-based browser (Edge, Brave, etc.):

  1. Navigate to chrome://net-internals/#hsts
  2. Scroll to "Delete domain security policies"
  3. Enter localhost in the domain field
  4. Click "Delete"

This removes the HSTS policy that's forcing HTTPS for localhost.

Option 3: Use 127.0.0.1 Instead of localhost When the ERR_SSL_PROTOCOL_ERROR appears on https://localhost:4321/callback/..., manually change the URL from https://localhost:4321 to http://127.0.0.1:4321 (keeping the rest of the path the same). This bypasses the HSTS issue since 127.0.0.1 won't have the same policy applied.

Option 4: Try a Different Browser If you have another browser installed that you haven't used for development, try running sanity login and completing authentication there. It likely won't have HSTS configured for localhost.

Why This Happens

The ERR_SSL_PROTOCOL_ERROR occurs because at some point your browser enabled HSTS for localhost (possibly from another development project), which forces all connections to use HTTPS. The Sanity CLI callback server runs on HTTP (port 4321), so when your browser tries to force HTTPS, it fails since there's no SSL certificate.

As noted in this GitHub issue, this isn't actually a Sanity bug—it's a browser security setting that got inadvertently applied to localhost.

The incognito browser solution is usually the quickest fix to get you up and running with your first Sanity project!

Show original thread
5 replies

Sanity – Build the way you think, not the way your CMS thinks

Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.

Get started for freeExplore the demo

Was this answer helpful?