Help Wizard

Step 1



Please see below the most popular frequently asked questions.

Loading article...

Loading faqs...


Ongoing Issues

Please see below the current ongoing issues which are under investigation.

Loading issue...

Loading ongoing issues...


Token API CORS error

Token API CORS error



I am building a web application consuming Spotify API.

The feature is simply searching for a song which had worked fine until yesterday.


However, all of a sudden I was not able to get a access token from the API server any more - which lead the search request not to work as well. The error message is as below.


Access to XMLHttpRequest at '' from origin 'https://(my site name)' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.


I just cannot understand why this happens although any line of my codes has not been changed at all. Please give me some possible solutions and updates. Thanks.




17 Replies

Me and a couple of others have experienced the same problem.
I described it here:

It looks like we have the exact same problem. Lets hope this gets fixed soon 😄

hi i am having the same issue. Did you guys figure it out yet?

I’ve sent an inquiry to Spotify team but no updates yet. I’ll let you know here when I get the reply.

The same issue, the code's been working for at least 2 months and yesterday all of a sudden Spotify started throwing this CORS error. The code is untouched so not sure what changed.

Same thing here. It appears it’s only the token api. The rest of the web api works fine as long as you already have a valid token. 

Here’s the link to my post:

Thanks. Please keep us posted. 

My app worked for weeks in this way and I'm getting this error too.


It seems that Spotify want you to ask for tokens from server to server, and not from the client.

If they don't fix this issue, I think we should just set up a simple Node/Express server and send the Http request from there.


The mystery is that I have been able to ask for token via Ajax for weeks and it always worked until now.

Same issue here. Built a project in recent months that uses Spotify's API and it suddenly doesn't work anymore. Subscribing.

This morning the api started working as expected on its own. No code changes at all have gone in and the full functionality on my web app is working now. 

I’d love to hear from the Spotify team about what happened. 

The exact same issue, hope it gets looked at soon

Looks like it got addressed… no errors this morning for me. With no code changes in my end. 

Thanks for reporting this, @user-removed. Are you still seeing the issue now? If so, it would be great if you can share a link to your app, and information about which browser you're using.

Hi there, 


I this morning everything seem to get back to normal at least on my web app... tested in the external public web app that I have and also through localhost with none of the issues happening over the last two days or so. 


We are wondering if there was probably something on the API's end that caused these errors to start happening because as daniel_kim mentioned, the errors started happening without changes on our end. 

Just did a quick test and it seems to be working for me now as well. Thank you.

Hi Josh,

I am currently working on a web app and I've just started expereincing this problem this past week. The address for my website is The web app was working fine a few weeks ago, but I've been getting CORS error recently. I am hoping to get some ingisght from you on how to fix such error. 



Hi, I am receiving this same issue. Is there any fix to this? Seems like all replies are speculative here.

So many people with the problem and no feedback to help others. I am also experiencing the error but there is no apparent solution.

Edit: The solution for me was to do the redirect with a <a href="/connect/spotify"> directly, as I was previously doing a redirect with my SPA and that caused the error.

More info here:

Suggested posts