Netlify Graph CORS policy error

My site is live at

When I attempt authenticating via Spotify with the automatically generated handler/component, I get an error message as follows:

Invalid redirect domain’ is not allowed as a redirect domain for this app.
If you’re the developer, be sure to add ‘’ to your app’s CORS origins so your users can log into your app.
You can do this on the app’s dashboard

Following the advice of other netlify CORS issues online, I have modified my netlify.toml config file to the following:

[graph]
  codeGenerator = "netlify-builtin:nextjs"

[[headers]]
  for = "/*"
  [headers.values]
    Access-Control-Allow-Origin = "*"

But the error still occurs. What should I do?

Hi @MatthewssSmith1,

Welcome to Netlify Forums!

Could you confirm if you’ve added the CORS origin here?

Also, could you confirm if you’re not using a Custom OAuth Client:

Because if you are, you might have to set up a custom redirect URL as explained there.

Lastly, you do not need to add the custom header that you’ve added - you can safely remove it.