Whatever I try cors just doesn't seem to work in production

Question

Hi im using the cors npm library to connect a backend with a front-end ive built backends before with fastApi middleware and that worked perfectly fine but with expressjs it doesn't seem to work in production at all only in development. I keep getting this error

Access to XMLHttpRequest at 'https://invoiceappnodejs.herokuapp.com/send_mail' from origin
'https://www.omillerwieldinginvoice.com' has been blocked by CORS policy:
No 'Access-Control-Allow-Origin' header is present on the requested resource.

here is the code

const cors = require('cors');

require('dotenv').config()
const express = require('express');

const nodemailer = require('nodemailer');
const app = express();



app.use(express.json());
app.options('/send_mail', cors())
app.use(cors({
    allowedHeaders:["*"],
    exposedHeaders: ['*']
    origins:'https://www.omillerwieldinginvoice.com/',
    headers:'*',
    preflightContinue: false,
    methods:"GET, POST, PUT, PATCH, POST, DELETE"
}))

Answer 1

Since you explicitly put https://www.omillerwieldinginvoice.com/ as origin, the request for https://invoiceappnodejs.herokuapp.com/send_mail wouldn't work. So you need to add the correct origin to your origins.

Also don't forget to initalize CORS before your routes. So order should be:

app.use(cors({});
app.use(express.json());
app.options('/send_mail', cors());