Get help on Discord

Troubleshooting CORS configuration for Sanity with custom domains

8 replies
Last updated: Sep 28, 2021
Hello, I have a question about configuring CORS origins. I have a frontend site hosted on netlify, and early on in development I configured my sanity instance to allow the randomly generated domain that netlify generated for the site to connect to the project. Now I have also added a custom domain that I bought on namecheap and setup that domain to point to the netlify site. The problem is that now when I try to whitelist my new custom domain on the sanity CORS page, it doesn’t appear to have any effect, and all my requests are blocked. Can you recommend that I try anything to resolve this problem? Thanks!
AI Update

I can help you troubleshoot this CORS issue! It sounds frustrating, but this is a common scenario when adding custom domains. Here are several things to check:

1. Check the exact format of your CORS origin

The most common issue is that the CORS origin needs to match exactly - including the protocol. Make sure you're adding:

  • https://yourdomain.com (not just yourdomain.com)
  • Match the exact protocol your site uses (http vs https)

According to the CORS documentation, even small differences like http:// vs https:// will cause requests to be blocked.

2. Enable "Allow credentials"

If you're using authentication tokens with your Sanity client (which is common), you need to check the "Allow credentials" checkbox for your custom domain in the CORS settings. Without this enabled, authenticated requests will fail even if the domain is whitelisted.

You can find this in: Sanity Manage → Your Project → Settings → API → CORS Origins

3. Clear browser cache and try incognito

Sometimes browsers cache CORS responses aggressively. Try:

  • Hard refresh (Ctrl+Shift+R or Cmd+Shift+R)
  • Test in an incognito/private window
  • Clear your browser cache completely

4. Verify DNS propagation

Since you just set up the custom domain, DNS changes might not be fully propagated. You can check if your domain is properly pointing to Netlify using tools like nslookup or online DNS checkers. If DNS isn't fully propagated, requests might be coming from unexpected origins.

5. Check for www vs non-www

Make sure you've added both variations if your site is accessible via both:

  • https://yourdomain.com
  • https://www.yourdomain.com

6. Wait a few minutes

CORS changes can sometimes take a few minutes to propagate on Sanity's side. If you just added the origin, give it 5-10 minutes and try again.

7. Verify in browser console

Check your browser's developer console for the exact error message. It should tell you which origin is being blocked. Sometimes the origin being sent doesn't match what you think (like if there's a redirect happening).

If none of these work, double-check that your Netlify site is actually serving from the custom domain correctly and that the requests are indeed coming from that domain. You can verify this by looking at the Origin header in your network tab when the request fails.

Hey User! What's the error you get in the console when this happens?
Hi User! This is what I see
No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
Hi User! This is what I see
No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
I noticed of course I can create a wildcard entry and it works, but I guess that is not ideal
I noticed of course I can create a wildcard entry and it works, but I guess that is not ideal
Hmm, is it possible that you've added 
http://
instead of 
https://
? Or maybe something along those lines?
OH! I think I got it. I ended up setting up two records, one with www and one without. I was trying to setup something with wildcards like this but it did not work. I guess maybe I misunderstood how * could be used.
https://*<http://landgrabct.org|landgrabct.org>*

Sanity – Build the way you think, not the way your CMS thinks

Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.

Get started for freeExplore the demo

Was this answer helpful?