You need to add enableCors as others have suggested. However, you can fine tune it to your needs to make it more secure:
enableCors
app.enableCors({ credentials: true, methods: ["post"], origin: process.env.YOUR_CLIENT_URL, }) ```