'%3e%3cpath%20fill='%231C373C'%20d='m59.527%2038.205%202.17-3.434c2.335%201.84%205.325%202.902%208.478%202.902%203.318%200%205.652-1.553%205.652-4.415%200-2.74-1.802-4.13-6.47-5.275-5.284-1.35-8.683-3.394-8.683-8.137%200-4.662%204.054-7.932%209.747-7.932%204.26%200%207.126%201.103%209.174%202.78l-2.007%203.19c-2.006-1.473-4.013-2.25-7.167-2.25-3.235%200-5.488%201.432-5.488%204.008%200%202.535%202.089%203.516%206.184%204.58%205.611%201.471%208.97%203.638%208.97%208.709%200%205.356-4.26%208.464-9.87%208.464-4.424%200-7.987-1.145-10.69-3.19ZM105.274%2031.622c0%205.602-3.89%209.773-9.092%209.773-2.948%200-5.16-1.35-6.552-3.067V49h-4.055V22.218h3.522l.123%202.82c1.474-1.84%203.727-3.188%206.88-3.188%205.161%200%209.174%204.17%209.174%209.772Zm-4.095%200c0-3.476-2.58-6.052-5.816-6.052-3.522%200-5.897%202.535-5.897%206.052%200%203.476%202.375%206.051%205.897%206.051%203.236%200%205.816-2.575%205.816-6.051ZM109.861%2015.839c0-1.636%201.269-2.699%202.866-2.74%201.639-.04%202.908%201.104%202.908%202.74%200%201.635-1.269%202.78-2.908%202.78-1.597%200-2.866-1.145-2.866-2.78Zm.901%206.379h4.054v18.808h-4.095l.041-18.809ZM133%2021.972l-.328%204.09c-.532-.205-1.023-.328-1.801-.328-3.523%200-5.325%202.617-5.365%205.275v10.017h-4.096V22.217h3.481l.164%203.68c.778-2.207%203.031-4.047%206.389-4.047.573%200%201.106.04%201.556.122Z'/%3e%3cpath%20fill='%232BA784'%20d='m31.72%2024.5-7.18%207.168-7.18-7.168%207.18-7.168%207.18%207.168ZM22.252%207.451c0%207.657-7.12%2014.767-14.79%2014.767H0v4.564h7.463c7.67%200%2014.79%207.11%2014.79%2014.767V49h4.573v-7.451c0-7.657%207.12-14.767%2014.79-14.767h7.463v-4.564h-7.464c-7.669%200-14.79-7.11-14.79-14.767V0h-4.572v7.451Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h133v49H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
Sanity Query Proxy Test
This page tests that direct queries to sanity.fileAsset and sanity.imageAsset are blocked, while normal queries and asset references are allowed.
Direct query to sanity.fileAsset
Expected: BLOCKED
*[_type == "sanity.fileAsset"] | order(_createdAt desc) { _id, url, originalFilename }Direct query to sanity.imageAsset
Expected: BLOCKED
*[_type == "sanity.imageAsset"] | order(_createdAt desc) { _id, url }Query with _type in array (fileAsset)
Expected: BLOCKED
*[_type in ["sanity.fileAsset", "sanity.imageAsset"]] { _id }Normal query (should work)
Expected: ALLOWED
*[_type == "page"][0...5] { _id, title }Query with asset reference (should work)
Expected: ALLOWED
*[_type == "page"][0] { _id, title, mainImage { asset-> { _id, url } } }Test URL Query Parameter
You can also test by adding a query parameter to the URL:
/test-sanity-proxy?query=*[_type+==+"sanity.fileAsset"]