In order to get an access token for the Spotify API in my web app (as specified by their Web Authorization Flow), I've learned that I have to make a POST request. However, when I do so, I get the XMLHttpRequest 500 Error due to the cross-origin problem.

I have already figured out how to allow CORS GET requests, but am not sure how to do the same for POST requests. This link provides configuration tips, but it leaves the actual routes for GET and POST blank.

This is the relevant code for my Express.js server:

app.use(function(req, res, next) {
  res.header("Access-Control-Allow-Origin", "*");
  res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
  next();
});



app.use(express.static(__dirname + '/public')); // looks in public directory, not root directory (protects files)

app.get('/', function(req, res) {
  // res.header("Access-Control-Allow-Origin", "*");
  // res.header("Access-Control-Allow-Headers", "X-Requested-With");
  res.send(__dirname + '\\index.html')
});

app.post('/', function(req, res) {
    res.send(req.body.spotify);
});

(spotify is the spotify-web-api-js node module).

I've previously tried copying the exact code for app.get into app.post, but that caused the server to crash.

This is the bit of code in my program's JavaScript file that intends to send a POST request after the user clicks on a button that takes them to the start of Spotify's authorization path and approves the sign-in:

$('#spotify').on('click', function() {
    $.support.cors = true;

    $.post("https://accounts.spotify.com/api/token");

      });

(in this case, spotify is the ID for the button in the HTML file)

What should I do to bypass the CORS issue in this case? I've been stumped for a few days.