A Cloudflare Worker that automatically manages Sanity CORS origins for preview deployments from GitHub PRs.
- On deployment success: Automatically adds the preview deployment URL to Sanity CORS allowlist
- On PR close/merge: Automatically removes the preview URL from Sanity CORS allowlist
- Webhook verification: Securely validates GitHub webhook signature
git clone https://github.com/YOUR_USERNAME/workers-sanity-cors.git
cd workers-sanity-cors
npm installCopy the example environment file:
cp .env.example .envEdit .env with your actual values:
# GitHub webhook secret (you'll create this in step 4)
GITHUB_WEBHOOK_SECRET=your_webhook_secret_here
# Sanity project configuration
SANITY_PROJECT_ID=your_project_id_here
SANITY_TOKEN=your_sanity_token_here
# Your Workers domain (replace with your actual domain)
WORKERS_DOMAIN=your-domain.workers.devnpx wrangler typesnpx wrangler deployNote the deployment URL - you'll need this for the GitHub webhook.
Instead of using .env for production, set secrets directly with Wrangler:
npx wrangler secret put GITHUB_WEBHOOK_SECRET
npx wrangler secret put SANITY_PROJECT_ID
npx wrangler secret put SANITY_TOKEN
npx wrangler secret put WORKERS_DOMAINYou can also configure these manually through the cloudflare workers admin settings.
- Go to your GitHub repository → Settings → Webhooks
- Click "Add webhook"
- Set Payload URL to:
https://your-worker-url.workers.dev/webhook - Set Content type to:
application/json - Set Secret to the same value you used for
GITHUB_WEBHOOK_SECRET - Select individual events:
- Deployment statuses
- Pull requests
- Ensure the webhook is Active
- Click "Add webhook"
Find this in your Sanity project dashboard URL: sanity.io/manage/personal/project/YOUR_PROJECT_ID
- Go to Sanity Management Console
- Select your project
- Go to API → Tokens
- Create a new token with Editor permissions
- Copy the token value
npm run devnpx wrangler types # Regenerate typesMIT