Problem

When building a web app using the Spotify API, it’s currently not possible to “back off” appropriately when hitting a 429 rate-limit response as suggested by the official docs. This makes it close to impossible to build browser-only web apps using the Spotify API.

As already pointed out by other Spotify API users the Spotify API currently doesn’t provide the `Access-Control-Expose-Headers: Retry-After` in API responses which (based on how CORS is implemented in browsers) means it’s not possible to access the `headers['retry-after']` value from within your browser application.

Note the issue mentioned above was incorrectly closed as the Spotify API only return the `Access-Control-Allow-Headers` header but not the required `Access-Control-Expose-Headers: Retry-After` header.

Also note this limitation only exists in a browser context and not e.g. with Node.js.

Solution suggestion

The Spotify API should add the `Access-Control-Expose-Headers: Retry-After` HTTP header to its responses.