As someone said above origin!=site , the cookie is being sent from same site here in your case , where both frontend and backend are having same tld that is localhost (port does not matter) .
if it was a different domain like backend.com and frontend.com then it would have been considered as cross site as well as cross origin