CORS Error When Making Batch Requests to Google Calendar API from Local Development Environment

Hey everyone, I need some help with a frustrating issue. I’m trying to work with Google Calendar API v3 and keep running into a CORS problem when testing from my local environment.

The specific error message I’m seeing is: "from origin 'http://localhost' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource"

What’s really confusing is that this same setup worked perfectly fine a few months ago when I was doing similar testing. Now suddenly it’s throwing this CORS error.

Here’s the function I’m using to create batch requests:

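// Builds a multipart/mixed batch body with one application/http part per event.
// The request's Content-Type header must name the same boundary as `delimiter`.
function createBatchPayload(events, targetCalendar) {
    var delimiter = 'batch_boundary_123';
    var batchBody = '';
    // Encode the calendar ID so characters such as '@' or '#' cannot alter the path.
    var calendarPath = encodeURIComponent(targetCalendar);

    events.forEach(function(eventData, index) {
        batchBody += '--' + delimiter +
                    '\r\nContent-Type: application/http' +
                    '\r\nContent-ID: ' + index + '\r\n\r\n' +
                    'POST https://www.googleapis.com/calendar/v3/calendars/' + calendarPath + '/events' +
                    '\r\nContent-Type: application/json' +
                    '\r\n\r\n' + JSON.stringify(eventData) + '\r\n';
    });

    // Closing delimiter ends the multipart body.
    return batchBody + '\r\n--' + delimiter + '--';
}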

Has anyone else experienced this issue recently? I’m wondering if Google changed something on their end that’s causing this CORS blocking. Any workarounds or solutions would be really appreciated!

I’ve hit this exact problem before. Your batch payload code looks fine - that’s not the issue.

Google Calendar API blocks direct browser calls from localhost now. They changed their CORS policy and tightened security over the past year.

Two ways to fix this:

Option 1: Use a proxy server
Set up a local proxy that forwards requests to Google’s API. I usually spin up a quick Express server during development.

Option 2: Move to server-side calls
Handle your batch requests on the backend instead of directly from the browser. This is actually better anyway - keeps your API credentials safe.

I had a project last year where we ran into this same wall. Moved all calendar operations to our Node backend and it fixed the CORS issues completely. Better security too.

The localhost restriction is pretty standard now across Google APIs. They want proper server-to-server auth for production.
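
Option 2 from the answer above, as an added example that is not part of the original thread: a sketch of the batch being assembled and sent from a Node backend (Node 18+ for global `fetch`), so the access token never reaches the browser and the calendar ID is validated before it is written into the multipart body. The names `buildBatchRequest`, `sendBatch`, `assertSafeCalendarId` and `MAX_PARTS` are hypothetical, and the batch URL and relative inner paths are assumptions based on Google's documented batch format, not values from the thread.

```javascript
// Added example; endpoint and limits are assumptions, not taken from the thread.
const BATCH_URL = 'https://www.googleapis.com/batch/calendar/v3';
const MAX_PARTS = 50; // local cap chosen for this example

// Calendar IDs are "primary" or e-mail-like. Reject anything that could
// smuggle CR/LF or extra path segments into the multipart body.
function assertSafeCalendarId(id) {
    if (typeof id !== 'string' || !/^[A-Za-z0-9._@#+-]{1,254}$/.test(id)) {
        throw new Error('invalid calendar id');
    }
    return id;
}

function buildBatchRequest(events, calendarId, accessToken) {
    if (!Array.isArray(events) || events.length === 0 || events.length > MAX_PARTS) {
        throw new Error('batch must contain 1-' + MAX_PARTS + ' events');
    }
    const path = '/calendar/v3/calendars/' +
        encodeURIComponent(assertSafeCalendarId(calendarId)) + '/events';
    // Fresh boundary per request; JSON.stringify escapes CR/LF, so a part
    // body can never contain a raw delimiter line.
    const boundary = 'batch_' + Date.now().toString(36) + Math.random().toString(36).slice(2);
    const parts = events.map(function (eventData, index) {
        return '--' + boundary + '\r\n' +
            'Content-Type: application/http\r\n' +
            'Content-ID: <item' + index + '>\r\n\r\n' +
            'POST ' + path + '\r\n' +
            'Content-Type: application/json\r\n\r\n' +
            JSON.stringify(eventData) + '\r\n';
    });
    return {
        url: BATCH_URL,
        method: 'POST',
        headers: {
            'Authorization': 'Bearer ' + accessToken, // stays on the server
            'Content-Type': 'multipart/mixed; boundary=' + boundary
        },
        body: parts.join('') + '--' + boundary + '--\r\n'
    };
}

// Call this from the backend route the browser reaches on its own origin.
async function sendBatch(events, calendarId, accessToken) {
    const req = buildBatchRequest(events, calendarId, accessToken);
    const res = await fetch(req.url, { method: req.method, headers: req.headers, body: req.body });
    return { status: res.status, body: await res.text() };
}
```

Because the browser only talks to the backend on the same origin, no cross-origin request to Google is made from the page and the CORS check never applies.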