A simple demonstration of ExpressJS + CORS

index.html

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>Document</title>
  </head>
  <body>
    <script>
      fetch("http://localhost:3000", {
        method: "put",
        credentials: "include",
      })
        .then(console.log)
        .catch(console.error);
    </script>
  </body>
</html>

index.js

import express from "express";
import cors from "cors";

const app = express();

// In production environment though you need to change them to your websites URL.
const whitelist = [
  "http://127.0.0.1:5500",
  "http://127.0.0.1:3000",
  "http://localhost:5500",
  "http://localhost:3000",
];

app.use(
  cors({
    origin(origin, callback) {
      if (whitelist.indexOf(origin) === -1) {
        callback(new Error("Not allowed by CORS"));
        return;
      }
      callback(null, true);
    },
    methods: ["GET", "PUT", "POST"],
    credentials: true,
  })
);

app.put("/", (req, res) => {
  res.send({ message: "cors" });
});

app.listen(3000);

console.log("Server is up and running!");

Learn about how CORS works here: https://github.com/kasir-barati/graphql/blob/main/docs/security.md#cors-intricacies