next-sanity 10.0.1 → 10.0.3

package/dist/draft-mode.cjs

@@ -14,21 +14,21 @@ function defineEnableDraftMode(options) {
         return new Response("Invalid secret", { status: 401 });
       const draftModeStore = await headers.draftMode();
       draftModeStore.isEnabled || draftModeStore.enable();
-      const dev = process.env.NODE_ENV !== "production", cookieStore = await headers.cookies(), cookie = cookieStore.get("__prerender_bypass");
+      const isSecure = process.env.NODE_ENV === "production" || (options.secureDevMode ?? !1), cookieStore = await headers.cookies(), cookie = cookieStore.get("__prerender_bypass");
       return cookieStore.set({
         name: "__prerender_bypass",
         value: cookie?.value,
         httpOnly: !0,
         path: "/",
-        secure: !dev,
-        sameSite: dev ? "lax" : "none"
+        secure: isSecure,
+        sameSite: isSecure ? "none" : "lax"
       }), studioPreviewPerspective && cookieStore.set({
         name: constants.perspectiveCookieName,
         value: studioPreviewPerspective,
         httpOnly: !0,
         path: "/",
-        secure: !dev,
-        sameSite: dev ? "lax" : "none"
+        secure: isSecure,
+        sameSite: isSecure ? "none" : "lax"
       }), navigation.redirect(redirectTo);
     }
   };

package/dist/draft-mode.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"draft-mode.cjs","sources":["../src/draft-mode/define-enable-draft-mode.ts"],"sourcesContent":["import {validatePreviewUrl} from '@sanity/preview-url-secret'\nimport {perspectiveCookieName} from '@sanity/preview-url-secret/constants'\nimport {cookies, draftMode} from 'next/headers'\nimport {redirect} from 'next/navigation'\n\nimport type {SanityClient} from '../client'\n\n/**\n * @public\n */\nexport interface DefineEnableDraftModeOptions {\n  client: SanityClient\n}\n\n/**\n * @public\n */\nexport interface EnableDraftMode {\n  GET: (request: Request) => Promise<Response>\n}\n\n/**\n * Sets up an API route for enabling draft mode, can be paired with the `previewUrl.previewMode.enable` in `sanity/presentation`.\n * Can also be used with `sanity-plugin-iframe-pane`.\n * @example\n * ```ts\n * // src/app/api/draft-mode/enable/route.ts\n *\n * import { defineEnableDraftMode } from \"next-sanity/draft-mode\";\n * import { client } from \"@/sanity/lib/client\";\n *\n * export const { GET } = defineEnableDraftMode({\n *   client: client.withConfig({ token: process.env.SANITY_API_READ_TOKEN }),\n * });\n * ```\n *\n * @public\n */\nexport function defineEnableDraftMode(options: DefineEnableDraftModeOptions): EnableDraftMode {\n  const {client} = options\n  return {\n    GET: async (request: Request) => {\n      // eslint-disable-next-line no-warning-comments\n      // @TODO check if already in draft mode at a much earlier stage, and skip validation\n\n      const {\n        isValid,\n        redirectTo = '/',\n        studioPreviewPerspective,\n      } = await validatePreviewUrl(client, request.url)\n      if (!isValid) {\n        return new Response('Invalid secret', {status: 401})\n      }\n\n      const draftModeStore = await draftMode()\n\n      // Let's enable draft mode if it's not already enabled\n      if (!draftModeStore.isEnabled) {\n        draftModeStore.enable()\n      }\n\n      const dev = process.env.NODE_ENV !== 'production'\n\n      // Override cookie header for draft mode for usage in live-preview\n      // https://github.com/vercel/next.js/issues/49927\n      const cookieStore = await cookies()\n      const cookie = cookieStore.get('__prerender_bypass')!\n      cookieStore.set({\n        name: '__prerender_bypass',\n        value: cookie?.value,\n        httpOnly: true,\n        path: '/',\n        secure: !dev,\n        sameSite: dev ? 'lax' : 'none',\n      })\n\n      if (studioPreviewPerspective) {\n        cookieStore.set({\n          name: perspectiveCookieName,\n          value: studioPreviewPerspective,\n          httpOnly: true,\n          path: '/',\n          secure: !dev,\n          sameSite: dev ? 'lax' : 'none',\n        })\n      }\n\n      // the `redirect` function throws, and eventually returns a Promise<Response>. TSC doesn't \"see\" that so we have to tell it\n      return redirect(redirectTo) as Promise<Response>\n    },\n  }\n}\n"],"names":["validatePreviewUrl","draftMode","cookies","perspectiveCookieName","redirect"],"mappings":";;;AAsCO,SAAS,sBAAsB,SAAwD;AAC5F,QAAM,EAAC,WAAU;AACjB,SAAO;AAAA,IACL,KAAK,OAAO,YAAqB;AAI/B,YAAM;AAAA,QACJ;AAAA,QACA,aAAa;AAAA,QACb;AAAA,MAAA,IACE,MAAMA,iBAAAA,mBAAmB,QAAQ,QAAQ,GAAG;AAChD,UAAI,CAAC;AACH,eAAO,IAAI,SAAS,kBAAkB,EAAC,QAAQ,KAAI;AAGrD,YAAM,iBAAiB,MAAMC,kBAAA;AAGxB,qBAAe,aAClB,eAAe,OAAA;AAGjB,YAAM,MAAM,QAAQ,IAAI,aAAa,cAI/B,cAAc,MAAMC,QAAAA,QAAA,GACpB,SAAS,YAAY,IAAI,oBAAoB;AACnD,aAAA,YAAY,IAAI;AAAA,QACd,MAAM;AAAA,QACN,OAAO,QAAQ;AAAA,QACf,UAAU;AAAA,QACV,MAAM;AAAA,QACN,QAAQ,CAAC;AAAA,QACT,UAAU,MAAM,QAAQ;AAAA,MAAA,CACzB,GAEG,4BACF,YAAY,IAAI;AAAA,QACd,MAAMC,UAAAA;AAAAA,QACN,OAAO;AAAA,QACP,UAAU;AAAA,QACV,MAAM;AAAA,QACN,QAAQ,CAAC;AAAA,QACT,UAAU,MAAM,QAAQ;AAAA,MAAA,CACzB,GAIIC,WAAAA,SAAS,UAAU;AAAA,IAC5B;AAAA,EAAA;AAEJ;;"}
+{"version":3,"file":"draft-mode.cjs","sources":["../src/draft-mode/define-enable-draft-mode.ts"],"sourcesContent":["import {validatePreviewUrl} from '@sanity/preview-url-secret'\nimport {perspectiveCookieName} from '@sanity/preview-url-secret/constants'\nimport {cookies, draftMode} from 'next/headers'\nimport {redirect} from 'next/navigation'\n\nimport type {SanityClient} from '../client'\n\n/**\n * @public\n */\nexport interface DefineEnableDraftModeOptions {\n  client: SanityClient\n  /**\n   * Force secure cookies in development mode.\n   * Enable this when using Next.js --experimental-https flag.\n   * This option has no effect in production (cookies are always secure).\n   * @defaultValue false\n   */\n  secureDevMode?: boolean\n}\n\n/**\n * @public\n */\nexport interface EnableDraftMode {\n  GET: (request: Request) => Promise<Response>\n}\n\n/**\n * Sets up an API route for enabling draft mode, can be paired with the `previewUrl.previewMode.enable` in `sanity/presentation`.\n * Can also be used with `sanity-plugin-iframe-pane`.\n * @example\n * ```ts\n * // src/app/api/draft-mode/enable/route.ts\n *\n * import { defineEnableDraftMode } from \"next-sanity/draft-mode\";\n * import { client } from \"@/sanity/lib/client\";\n *\n * export const { GET } = defineEnableDraftMode({\n *   client: client.withConfig({ token: process.env.SANITY_API_READ_TOKEN }),\n * });\n * ```\n *\n * @public\n */\nexport function defineEnableDraftMode(options: DefineEnableDraftModeOptions): EnableDraftMode {\n  const {client} = options\n  return {\n    GET: async (request: Request) => {\n      // eslint-disable-next-line no-warning-comments\n      // @TODO check if already in draft mode at a much earlier stage, and skip validation\n\n      const {\n        isValid,\n        redirectTo = '/',\n        studioPreviewPerspective,\n      } = await validatePreviewUrl(client, request.url)\n      if (!isValid) {\n        return new Response('Invalid secret', {status: 401})\n      }\n\n      const draftModeStore = await draftMode()\n\n      // Let's enable draft mode if it's not already enabled\n      if (!draftModeStore.isEnabled) {\n        draftModeStore.enable()\n      }\n\n      const isProduction = process.env.NODE_ENV === 'production'\n\n      // We can't auto-detect HTTPS in dev due to Next.js limitations,\n      // so we need an explicit option\n      const isSecure = isProduction || (options.secureDevMode ?? false)\n\n      // Override cookie header for draft mode for usage in live-preview\n      // https://github.com/vercel/next.js/issues/49927\n      const cookieStore = await cookies()\n      const cookie = cookieStore.get('__prerender_bypass')!\n      cookieStore.set({\n        name: '__prerender_bypass',\n        value: cookie?.value,\n        httpOnly: true,\n        path: '/',\n        secure: isSecure,\n        sameSite: isSecure ? 'none' : 'lax',\n      })\n\n      if (studioPreviewPerspective) {\n        cookieStore.set({\n          name: perspectiveCookieName,\n          value: studioPreviewPerspective,\n          httpOnly: true,\n          path: '/',\n          secure: isSecure,\n          sameSite: isSecure ? 'none' : 'lax',\n        })\n      }\n\n      // the `redirect` function throws, and eventually returns a Promise<Response>. TSC doesn't \"see\" that so we have to tell it\n      return redirect(redirectTo) as Promise<Response>\n    },\n  }\n}\n"],"names":["validatePreviewUrl","draftMode","cookies","perspectiveCookieName","redirect"],"mappings":";;;AA6CO,SAAS,sBAAsB,SAAwD;AAC5F,QAAM,EAAC,WAAU;AACjB,SAAO;AAAA,IACL,KAAK,OAAO,YAAqB;AAI/B,YAAM;AAAA,QACJ;AAAA,QACA,aAAa;AAAA,QACb;AAAA,MAAA,IACE,MAAMA,iBAAAA,mBAAmB,QAAQ,QAAQ,GAAG;AAChD,UAAI,CAAC;AACH,eAAO,IAAI,SAAS,kBAAkB,EAAC,QAAQ,KAAI;AAGrD,YAAM,iBAAiB,MAAMC,kBAAA;AAGxB,qBAAe,aAClB,eAAe,OAAA;AAOjB,YAAM,WAJe,QAAQ,IAAI,aAAa,iBAIZ,QAAQ,iBAAiB,KAIrD,cAAc,MAAMC,gBAAA,GACpB,SAAS,YAAY,IAAI,oBAAoB;AACnD,aAAA,YAAY,IAAI;AAAA,QACd,MAAM;AAAA,QACN,OAAO,QAAQ;AAAA,QACf,UAAU;AAAA,QACV,MAAM;AAAA,QACN,QAAQ;AAAA,QACR,UAAU,WAAW,SAAS;AAAA,MAAA,CAC/B,GAEG,4BACF,YAAY,IAAI;AAAA,QACd,MAAMC,UAAAA;AAAAA,QACN,OAAO;AAAA,QACP,UAAU;AAAA,QACV,MAAM;AAAA,QACN,QAAQ;AAAA,QACR,UAAU,WAAW,SAAS;AAAA,MAAA,CAC/B,GAIIC,WAAAA,SAAS,UAAU;AAAA,IAC5B;AAAA,EAAA;AAEJ;;"}

package/dist/draft-mode.d.cts

@@ -26,6 +26,13 @@ export declare function defineEnableDraftMode(
  */
 export declare interface DefineEnableDraftModeOptions {
   client: SanityClient
+  /**
+   * Force secure cookies in development mode.
+   * Enable this when using Next.js --experimental-https flag.
+   * This option has no effect in production (cookies are always secure).
+   * @defaultValue false
+   */
+  secureDevMode?: boolean
 }
 
 /**

package/dist/draft-mode.d.ts

@@ -26,6 +26,13 @@ export declare function defineEnableDraftMode(
  */
 export declare interface DefineEnableDraftModeOptions {
   client: SanityClient
+  /**
+   * Force secure cookies in development mode.
+   * Enable this when using Next.js --experimental-https flag.
+   * This option has no effect in production (cookies are always secure).
+   * @defaultValue false
+   */
+  secureDevMode?: boolean
 }
 
 /**

package/dist/draft-mode.js

@@ -15,21 +15,21 @@ function defineEnableDraftMode(options) {
         return new Response("Invalid secret", { status: 401 });
       const draftModeStore = await draftMode();
       draftModeStore.isEnabled || draftModeStore.enable();
-      const dev = process.env.NODE_ENV !== "production", cookieStore = await cookies(), cookie = cookieStore.get("__prerender_bypass");
+      const isSecure = process.env.NODE_ENV === "production" || (options.secureDevMode ?? !1), cookieStore = await cookies(), cookie = cookieStore.get("__prerender_bypass");
       return cookieStore.set({
         name: "__prerender_bypass",
         value: cookie?.value,
         httpOnly: !0,
         path: "/",
-        secure: !dev,
-        sameSite: dev ? "lax" : "none"
+        secure: isSecure,
+        sameSite: isSecure ? "none" : "lax"
       }), studioPreviewPerspective && cookieStore.set({
         name: perspectiveCookieName,
         value: studioPreviewPerspective,
         httpOnly: !0,
         path: "/",
-        secure: !dev,
-        sameSite: dev ? "lax" : "none"
+        secure: isSecure,
+        sameSite: isSecure ? "none" : "lax"
       }), redirect(redirectTo);
     }
   };

package/dist/draft-mode.js.map

@@ -1 +1 @@
-{"version":3,"file":"draft-mode.js","sources":["../src/draft-mode/define-enable-draft-mode.ts"],"sourcesContent":["import {validatePreviewUrl} from '@sanity/preview-url-secret'\nimport {perspectiveCookieName} from '@sanity/preview-url-secret/constants'\nimport {cookies, draftMode} from 'next/headers'\nimport {redirect} from 'next/navigation'\n\nimport type {SanityClient} from '../client'\n\n/**\n * @public\n */\nexport interface DefineEnableDraftModeOptions {\n  client: SanityClient\n}\n\n/**\n * @public\n */\nexport interface EnableDraftMode {\n  GET: (request: Request) => Promise<Response>\n}\n\n/**\n * Sets up an API route for enabling draft mode, can be paired with the `previewUrl.previewMode.enable` in `sanity/presentation`.\n * Can also be used with `sanity-plugin-iframe-pane`.\n * @example\n * ```ts\n * // src/app/api/draft-mode/enable/route.ts\n *\n * import { defineEnableDraftMode } from \"next-sanity/draft-mode\";\n * import { client } from \"@/sanity/lib/client\";\n *\n * export const { GET } = defineEnableDraftMode({\n *   client: client.withConfig({ token: process.env.SANITY_API_READ_TOKEN }),\n * });\n * ```\n *\n * @public\n */\nexport function defineEnableDraftMode(options: DefineEnableDraftModeOptions): EnableDraftMode {\n  const {client} = options\n  return {\n    GET: async (request: Request) => {\n      // eslint-disable-next-line no-warning-comments\n      // @TODO check if already in draft mode at a much earlier stage, and skip validation\n\n      const {\n        isValid,\n        redirectTo = '/',\n        studioPreviewPerspective,\n      } = await validatePreviewUrl(client, request.url)\n      if (!isValid) {\n        return new Response('Invalid secret', {status: 401})\n      }\n\n      const draftModeStore = await draftMode()\n\n      // Let's enable draft mode if it's not already enabled\n      if (!draftModeStore.isEnabled) {\n        draftModeStore.enable()\n      }\n\n      const dev = process.env.NODE_ENV !== 'production'\n\n      // Override cookie header for draft mode for usage in live-preview\n      // https://github.com/vercel/next.js/issues/49927\n      const cookieStore = await cookies()\n      const cookie = cookieStore.get('__prerender_bypass')!\n      cookieStore.set({\n        name: '__prerender_bypass',\n        value: cookie?.value,\n        httpOnly: true,\n        path: '/',\n        secure: !dev,\n        sameSite: dev ? 'lax' : 'none',\n      })\n\n      if (studioPreviewPerspective) {\n        cookieStore.set({\n          name: perspectiveCookieName,\n          value: studioPreviewPerspective,\n          httpOnly: true,\n          path: '/',\n          secure: !dev,\n          sameSite: dev ? 'lax' : 'none',\n        })\n      }\n\n      // the `redirect` function throws, and eventually returns a Promise<Response>. TSC doesn't \"see\" that so we have to tell it\n      return redirect(redirectTo) as Promise<Response>\n    },\n  }\n}\n"],"names":[],"mappings":";;;;AAsCO,SAAS,sBAAsB,SAAwD;AAC5F,QAAM,EAAC,WAAU;AACjB,SAAO;AAAA,IACL,KAAK,OAAO,YAAqB;AAI/B,YAAM;AAAA,QACJ;AAAA,QACA,aAAa;AAAA,QACb;AAAA,MAAA,IACE,MAAM,mBAAmB,QAAQ,QAAQ,GAAG;AAChD,UAAI,CAAC;AACH,eAAO,IAAI,SAAS,kBAAkB,EAAC,QAAQ,KAAI;AAGrD,YAAM,iBAAiB,MAAM,UAAA;AAGxB,qBAAe,aAClB,eAAe,OAAA;AAGjB,YAAM,MAAM,QAAQ,IAAI,aAAa,cAI/B,cAAc,MAAM,QAAA,GACpB,SAAS,YAAY,IAAI,oBAAoB;AACnD,aAAA,YAAY,IAAI;AAAA,QACd,MAAM;AAAA,QACN,OAAO,QAAQ;AAAA,QACf,UAAU;AAAA,QACV,MAAM;AAAA,QACN,QAAQ,CAAC;AAAA,QACT,UAAU,MAAM,QAAQ;AAAA,MAAA,CACzB,GAEG,4BACF,YAAY,IAAI;AAAA,QACd,MAAM;AAAA,QACN,OAAO;AAAA,QACP,UAAU;AAAA,QACV,MAAM;AAAA,QACN,QAAQ,CAAC;AAAA,QACT,UAAU,MAAM,QAAQ;AAAA,MAAA,CACzB,GAII,SAAS,UAAU;AAAA,IAC5B;AAAA,EAAA;AAEJ;"}
+{"version":3,"file":"draft-mode.js","sources":["../src/draft-mode/define-enable-draft-mode.ts"],"sourcesContent":["import {validatePreviewUrl} from '@sanity/preview-url-secret'\nimport {perspectiveCookieName} from '@sanity/preview-url-secret/constants'\nimport {cookies, draftMode} from 'next/headers'\nimport {redirect} from 'next/navigation'\n\nimport type {SanityClient} from '../client'\n\n/**\n * @public\n */\nexport interface DefineEnableDraftModeOptions {\n  client: SanityClient\n  /**\n   * Force secure cookies in development mode.\n   * Enable this when using Next.js --experimental-https flag.\n   * This option has no effect in production (cookies are always secure).\n   * @defaultValue false\n   */\n  secureDevMode?: boolean\n}\n\n/**\n * @public\n */\nexport interface EnableDraftMode {\n  GET: (request: Request) => Promise<Response>\n}\n\n/**\n * Sets up an API route for enabling draft mode, can be paired with the `previewUrl.previewMode.enable` in `sanity/presentation`.\n * Can also be used with `sanity-plugin-iframe-pane`.\n * @example\n * ```ts\n * // src/app/api/draft-mode/enable/route.ts\n *\n * import { defineEnableDraftMode } from \"next-sanity/draft-mode\";\n * import { client } from \"@/sanity/lib/client\";\n *\n * export const { GET } = defineEnableDraftMode({\n *   client: client.withConfig({ token: process.env.SANITY_API_READ_TOKEN }),\n * });\n * ```\n *\n * @public\n */\nexport function defineEnableDraftMode(options: DefineEnableDraftModeOptions): EnableDraftMode {\n  const {client} = options\n  return {\n    GET: async (request: Request) => {\n      // eslint-disable-next-line no-warning-comments\n      // @TODO check if already in draft mode at a much earlier stage, and skip validation\n\n      const {\n        isValid,\n        redirectTo = '/',\n        studioPreviewPerspective,\n      } = await validatePreviewUrl(client, request.url)\n      if (!isValid) {\n        return new Response('Invalid secret', {status: 401})\n      }\n\n      const draftModeStore = await draftMode()\n\n      // Let's enable draft mode if it's not already enabled\n      if (!draftModeStore.isEnabled) {\n        draftModeStore.enable()\n      }\n\n      const isProduction = process.env.NODE_ENV === 'production'\n\n      // We can't auto-detect HTTPS in dev due to Next.js limitations,\n      // so we need an explicit option\n      const isSecure = isProduction || (options.secureDevMode ?? false)\n\n      // Override cookie header for draft mode for usage in live-preview\n      // https://github.com/vercel/next.js/issues/49927\n      const cookieStore = await cookies()\n      const cookie = cookieStore.get('__prerender_bypass')!\n      cookieStore.set({\n        name: '__prerender_bypass',\n        value: cookie?.value,\n        httpOnly: true,\n        path: '/',\n        secure: isSecure,\n        sameSite: isSecure ? 'none' : 'lax',\n      })\n\n      if (studioPreviewPerspective) {\n        cookieStore.set({\n          name: perspectiveCookieName,\n          value: studioPreviewPerspective,\n          httpOnly: true,\n          path: '/',\n          secure: isSecure,\n          sameSite: isSecure ? 'none' : 'lax',\n        })\n      }\n\n      // the `redirect` function throws, and eventually returns a Promise<Response>. TSC doesn't \"see\" that so we have to tell it\n      return redirect(redirectTo) as Promise<Response>\n    },\n  }\n}\n"],"names":[],"mappings":";;;;AA6CO,SAAS,sBAAsB,SAAwD;AAC5F,QAAM,EAAC,WAAU;AACjB,SAAO;AAAA,IACL,KAAK,OAAO,YAAqB;AAI/B,YAAM;AAAA,QACJ;AAAA,QACA,aAAa;AAAA,QACb;AAAA,MAAA,IACE,MAAM,mBAAmB,QAAQ,QAAQ,GAAG;AAChD,UAAI,CAAC;AACH,eAAO,IAAI,SAAS,kBAAkB,EAAC,QAAQ,KAAI;AAGrD,YAAM,iBAAiB,MAAM,UAAA;AAGxB,qBAAe,aAClB,eAAe,OAAA;AAOjB,YAAM,WAJe,QAAQ,IAAI,aAAa,iBAIZ,QAAQ,iBAAiB,KAIrD,cAAc,MAAM,QAAA,GACpB,SAAS,YAAY,IAAI,oBAAoB;AACnD,aAAA,YAAY,IAAI;AAAA,QACd,MAAM;AAAA,QACN,OAAO,QAAQ;AAAA,QACf,UAAU;AAAA,QACV,MAAM;AAAA,QACN,QAAQ;AAAA,QACR,UAAU,WAAW,SAAS;AAAA,MAAA,CAC/B,GAEG,4BACF,YAAY,IAAI;AAAA,QACd,MAAM;AAAA,QACN,OAAO;AAAA,QACP,UAAU;AAAA,QACV,MAAM;AAAA,QACN,QAAQ;AAAA,QACR,UAAU,WAAW,SAAS;AAAA,MAAA,CAC/B,GAII,SAAS,UAAU;AAAA,IAC5B;AAAA,EAAA;AAEJ;"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "next-sanity",
-  "version": "10.0.1",
+  "version": "10.0.3",
   "description": "Sanity.io toolkit for Next.js",
   "keywords": [
     "sanity",
@@ -121,16 +121,16 @@
   "dependencies": {
     "@portabletext/react": "^3.2.1",
     "@sanity/client": "^7.8.0",
-    "@sanity/next-loader": "^1.7.1",
-    "@sanity/preview-url-secret": "^2.1.13",
-    "@sanity/visual-editing": "^2.15.3",
-    "groq": "^4.0.1",
+    "@sanity/next-loader": "^1.7.2",
+    "@sanity/preview-url-secret": "^2.1.14",
+    "@sanity/visual-editing": "^2.15.4",
+    "groq": "^4.1.1",
     "history": "^5.3.0"
   },
   "devDependencies": {
     "@sanity/browserslist-config": "^1.0.5",
-    "@sanity/pkg-utils": "^7.9.7",
-    "@sanity/types": "^4.0.1",
+    "@sanity/pkg-utils": "^7.9.9",
+    "@sanity/types": "^4.1.1",
     "@sanity/webhook": "4.0.4",
     "@types/react": "^19.1.8",
     "@types/react-dom": "^19.1.6",
@@ -149,7 +149,7 @@
     "next": "^15.1",
     "react": "^19",
     "react-dom": "^19",
-    "sanity": "^4.0.1",
+    "sanity": "^4.1.1",
     "styled-components": "^6.1"
   },
   "engines": {

package/src/draft-mode/define-enable-draft-mode.ts

@@ -10,6 +10,13 @@ import type {SanityClient} from '../client'
  */
 export interface DefineEnableDraftModeOptions {
   client: SanityClient
+  /**
+   * Force secure cookies in development mode.
+   * Enable this when using Next.js --experimental-https flag.
+   * This option has no effect in production (cookies are always secure).
+   * @defaultValue false
+   */
+  secureDevMode?: boolean
 }
 
 /**
@@ -59,7 +66,11 @@ export function defineEnableDraftMode(options: DefineEnableDraftModeOptions): En
         draftModeStore.enable()
       }
 
-      const dev = process.env.NODE_ENV !== 'production'
+      const isProduction = process.env.NODE_ENV === 'production'
+
+      // We can't auto-detect HTTPS in dev due to Next.js limitations,
+      // so we need an explicit option
+      const isSecure = isProduction || (options.secureDevMode ?? false)
 
       // Override cookie header for draft mode for usage in live-preview
       // https://github.com/vercel/next.js/issues/49927
@@ -70,8 +81,8 @@ export function defineEnableDraftMode(options: DefineEnableDraftModeOptions): En
         value: cookie?.value,
         httpOnly: true,
         path: '/',
-        secure: !dev,
-        sameSite: dev ? 'lax' : 'none',
+        secure: isSecure,
+        sameSite: isSecure ? 'none' : 'lax',
       })
 
       if (studioPreviewPerspective) {
@@ -80,8 +91,8 @@ export function defineEnableDraftMode(options: DefineEnableDraftModeOptions): En
           value: studioPreviewPerspective,
           httpOnly: true,
           path: '/',
-          secure: !dev,
-          sameSite: dev ? 'lax' : 'none',
+          secure: isSecure,
+          sameSite: isSecure ? 'none' : 'lax',
         })
       }