Production-only issues in Lovable apps arise from differences between the Vite dev server and the production build. The most common causes are missing environment variables on the hosting platform, assets referenced with wrong paths after building, CORS policies that differ by domain, and Vite build optimizations that tree-shake code your app needs at runtime.
Why Lovable apps break in production but work in preview
Lovable's preview uses Vite's development server, which behaves differently from the production build in several important ways. In development, Vite serves files individually without bundling, environment variables are available via import.meta.env even if they are only in a local .env file, and CORS restrictions are relaxed because everything runs on the same localhost origin. When you deploy to production, Vite bundles everything into optimized files in the dist/ folder. Environment variables must be explicitly set on the hosting platform — your local .env file is not deployed. Asset paths change because Vite adds content hashes to filenames for cache busting. CORS policies apply because your frontend and backend now run on different domains. These differences are not bugs — they are fundamental to how modern web tooling works. The solution is to test with the production build before deploying, ensure all environment variables are set on your host, use root-relative asset paths, and configure CORS headers on your backend.
- Environment variables missing on the hosting platform — VITE_ variables from .env are not auto-deployed
- Asset paths break after build — Vite adds content hashes to filenames, changing the URL
- CORS errors on production domain — the API allows the preview domain but not the production domain
- Vite tree-shaking removes code that appears unused but is needed at runtime
- Different Node.js version on the build server — package behavior varies between versions
Error messages you might see
Uncaught ReferenceError: process is not definedYour code uses process.env instead of import.meta.env. Vite does not provide the Node.js process object in the browser. Replace process.env with import.meta.env for all VITE_ prefixed variables.
Failed to load resource: the server responded with a status of 404 (/assets/index-abc123.js)The hashed asset filename from the build does not match what the HTML expects. This usually means the index.html is cached from a previous build while the assets are from a new build. Clear the CDN cache or add cache-busting headers.
TypeError: Cannot read properties of undefined (reading 'VITE_SUPABASE_URL')The VITE_SUPABASE_URL environment variable is not set on the hosting platform. Set it in your Vercel/Netlify project settings to match the value from Cloud tab Secrets.
Before you start
- A Lovable project that works in preview but has issues after deployment
- Access to the hosting platform dashboard (Vercel, Netlify, or Cloudflare Pages)
- Browser DevTools open on the production URL to inspect console errors and Network requests
How to fix it
Set all VITE_ environment variables on your hosting platform
Environment variables from your Lovable Cloud secrets or .env file are not automatically deployed to external hosts
Set all VITE_ environment variables on your hosting platform
Environment variables from your Lovable Cloud secrets or .env file are not automatically deployed to external hosts
Go to your hosting platform's dashboard (Vercel: Settings then Environment Variables, Netlify: Site Settings then Environment Variables). Add every VITE_ prefixed variable your app uses. The minimum set for Supabase projects is VITE_SUPABASE_URL, VITE_SUPABASE_PUBLISHABLE_KEY, and VITE_SUPABASE_PROJECT_ID. Copy these values from the Cloud tab in Lovable (click + next to Preview, then Cloud, then Secrets). After adding the variables, trigger a new deployment — environment variables are embedded at build time, so existing deployments will not pick up the changes.
Expected result: All VITE_ variables are available at build time, and import.meta.env references resolve correctly in the production build.
Fix asset paths for production builds
Vite adds content hashes to filenames in production, breaking hardcoded asset references
Fix asset paths for production builds
Vite adds content hashes to filenames in production, breaking hardcoded asset references
Never hardcode asset file paths in your code. For images and files in the /public folder, use root-relative paths (starting with /). For assets imported in JavaScript, use ES module imports so Vite can track and hash them correctly. The import syntax ensures the correct production URL is used.
// BAD: hardcoded path breaks after Vite hashing<img src="./images/logo.png" alt="Logo" />// BAD: relative path breaks on nested routes<img src="images/hero.jpg" alt="Hero" />// GOOD: root-relative path for /public assets<img src="/images/logo.png" alt="Logo" />// BETTER: ES import for assets in /srcimport heroImage from "@/assets/hero.jpg";<img src={heroImage} alt="Hero" />Expected result: Assets load correctly in both preview and production because Vite manages the paths.
Configure CORS for the production domain
API servers that allow your preview domain may block your production domain if it is not in their allow list
Configure CORS for the production domain
API servers that allow your preview domain may block your production domain if it is not in their allow list
If your production site gets CORS errors that did not appear in preview, the API server needs your production domain in its CORS allow list. For Supabase Edge Functions, add the production domain to the allowed origins in the CORS headers. For external APIs, create a Supabase Edge Function proxy so the browser never makes cross-origin requests directly. If this involves configuring CORS across multiple Edge Functions and external API integrations, RapidDev's engineers have handled this exact pattern across 600+ Lovable projects.
// Edge Function with hardcoded preview originconst corsHeaders = { "Access-Control-Allow-Origin": "https://preview-id.lovableproject.com",};// Edge Function with dynamic origin matchingconst allowedOrigins = [ "https://yourapp.lovable.app", "https://yourdomain.com", "https://preview-id.lovableproject.com",];const origin = req.headers.get("Origin") ?? "";const corsHeaders = { "Access-Control-Allow-Origin": allowedOrigins.includes(origin) ? origin : "", "Access-Control-Allow-Headers": "authorization, x-client-info, apikey, content-type",};Expected result: Both preview and production domains are allowed, and CORS errors are eliminated.
Test the production build locally before deploying
Catching production issues before deployment saves debugging time and prevents downtime
Test the production build locally before deploying
Catching production issues before deployment saves debugging time and prevents downtime
If your project is connected to GitHub, clone the repo locally. Create a .env file with your VITE_ variables. Run the build command and serve the output. This simulates exactly what the hosting platform will serve, letting you catch issues before they reach your users. Open the served URL in an incognito window and test all pages, especially authentication flows and API calls.
Expected result: You catch production-only issues on your local machine before deploying to the live site.
Complete code example
1/**2 * Centralized environment variable access with validation.3 * Import from here instead of using import.meta.env directly.4 * This catches missing variables early with clear error messages.5 */67function getRequiredEnv(key: string): string {8 const value = import.meta.env[key];9 if (!value) {10 console.error(11 `Missing required environment variable: ${key}. ` +12 `Set it in Cloud tab > Secrets (Lovable) or in your hosting platform settings.`13 );14 // Return empty string instead of throwing to prevent blank screen15 return "";16 }17 return value;18}1920// Supabase configuration21export const SUPABASE_URL = getRequiredEnv("VITE_SUPABASE_URL");22export const SUPABASE_ANON_KEY = getRequiredEnv("VITE_SUPABASE_PUBLISHABLE_KEY");23export const SUPABASE_PROJECT_ID = getRequiredEnv("VITE_SUPABASE_PROJECT_ID");2425// App configuration26export const APP_URL = import.meta.env.VITE_APP_URL || window.location.origin;27export const IS_PRODUCTION = import.meta.env.PROD;28export const IS_DEVELOPMENT = import.meta.env.DEV;2930// Log missing variables in development to help debugging31if (IS_DEVELOPMENT) {32 const requiredVars = ["VITE_SUPABASE_URL", "VITE_SUPABASE_PUBLISHABLE_KEY"];33 const missing = requiredVars.filter(key => !import.meta.env[key]);34 if (missing.length > 0) {35 console.warn("Missing environment variables:", missing.join(", "));36 }37}Best practices to prevent this
- Always set VITE_ environment variables on your hosting platform — they are not deployed from your local .env file
- Use root-relative paths (starting with /) for assets in /public, and ES imports for assets in /src
- After adding or changing environment variables on your host, trigger a new deployment — changes only apply at build time
- Replace all process.env references with import.meta.env — Vite uses import.meta.env, not Node.js process.env
- Create a centralized env.ts file that validates required environment variables and logs clear errors when they are missing
- Add your production domain to all CORS allow lists, OAuth redirect URLs, and API key restrictions before deploying
- Test with the production build locally before deploying to catch tree-shaking and path issues early
Still stuck?
Copy one of these prompts to get a personalized, step-by-step explanation.
My Lovable.dev app works perfectly in the Lovable preview but breaks after deploying to [Vercel/Netlify]. Here is what I see: - Browser console errors: [paste them] - Network tab failures: [describe failed requests] - Hosting platform: [Vercel/Netlify/other] - Environment variables set on host: [list them or say 'none'] Please help me: 1. Identify why the production build differs from the preview 2. Check if environment variables are correctly configured 3. Fix any asset path or CORS issues 4. Create an env.ts validation file to catch missing variables early
My app works in preview but breaks after publishing. Check @src/integrations/supabase/client.ts to make sure it uses import.meta.env (not process.env) for Supabase credentials. Check all image and asset references in components for hardcoded relative paths and change them to root-relative paths starting with /. Create a @src/lib/env.ts file that validates all required environment variables on startup.
Frequently asked questions
Why does my Lovable app work in preview but not in production?
The most common cause is missing environment variables. Lovable's preview has access to Cloud tab Secrets, but external hosts like Vercel and Netlify need these variables set separately. Check your hosting dashboard for VITE_SUPABASE_URL and VITE_SUPABASE_PUBLISHABLE_KEY.
How do I check which environment variables my app needs?
Search your project code for import.meta.env to find all referenced variables. The minimum set for Supabase projects is VITE_SUPABASE_URL, VITE_SUPABASE_PUBLISHABLE_KEY, and VITE_SUPABASE_PROJECT_ID. Copy their values from Cloud tab Secrets in Lovable.
Why do images work in preview but show broken icons in production?
Images in the /src folder get hashed filenames in production builds. If you reference them with hardcoded paths, the URLs no longer match. Use ES module imports (import logo from '@/assets/logo.png') or place images in /public and use root-relative paths.
Why do I get CORS errors only in production?
In Lovable's preview, your frontend and backend may share the same origin. In production, they run on different domains. Your API or Supabase Edge Functions need to include your production domain in their CORS allow list.
Do I need to redeploy after changing environment variables?
Yes. VITE_ variables are embedded at build time, not read at runtime. After changing environment variables on your hosting platform, trigger a new deployment for the changes to take effect.
What if I can't fix this myself?
Production debugging across environment configurations, CORS policies, and build optimizations can be complex. RapidDev's engineers have diagnosed and fixed production-only issues across 600+ Lovable deployments and can identify the root cause quickly.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your issue.
Book a free consultation