I've done plenty of research on this topic. If you're facing this issue, these are your options:

1. Host both the frontend and backend on the same hosting service.
2. Use sessionStorage, localStorage, or your app state to save token. It's not the safest solution, but if you're working on a small application for school or just practice, it should be enough. If you're building a larger app, you should consider paying for a full hosting service for both sides.
3. If your end users will be on Windows, then keep using cookies (although third-party cookies will likely stop working on all operating systems eventually).