Untitled

const allowedDomains = [
  "https://yourdomain.com"
];
app.use(cors({

  origin: (origin, callback) => {
     if (!allowedDomains.includes(origin)) {
       const msg = "Access denied";
       return callback(new Error(msg), false);
     }
    return callback(null, true);
  },
  methods: 'GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS',
  credentials: true,
}));