Invoke Resumable Upload URI in Google Drive from Client

Question

I have written a Node app that generates the Drive Resumable Upload URL on the server side. I do this to not expose the access token to the client.

const url = 'https://www.googleapis.com/upload/drive/v3/files?uploadType=resumable';
  const { headers } = await axios.post(url,{name: "File Name"}, {
    headers: {
      Authorization: `Bearer ${accessToken}`,
      'X-Upload-Content-Type': type,
      'X-Upload-Content-Length': size,
      'Content-Type': 'application/json; charset=UTF-8',
    },
  });

I then pass this upload URL to the client and use it to upload the file to Google Drive in Chunks. However it returns the cors error. The error doesn't happen if I upload chunks from the server using the same upload URI.

Is it that the resumable upload URI should be invoked from the same host where it was originally requested from? Is it possible to bypass this restriction since I do not want to expose the token to the client.