I am hoping to get help with the issue I’ve been struggling for a while now. I am developing a web app with React and NodeJS Express. After deploying both back and front end to Render.com I bought a domain and configured DNS in the following way:

• client – https://example.com/
• server – https://api.example.com/

And the issue is connected to the following error that appears when making the login request (and any other reqs) from the client.

Access to XMLHttpRequest at ‘https://api.example.com/admins/login’ from origin ‘https://www.example.com’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: Redirect is not allowed for a preflight request.

On Safari I get the following message:

Preflight response is not successful. Status code: 307

Just in case, the request itself is carried out successfully in Postman. Additionally, I also managed to configure a rewrite rule on Render that rewrites requests from example.com/api/* to api.example.com/* , which also, when set, produces the same error.

Here is my NodeJS CORS configuration, I have it enabled with the following lines:

As for the origin link, I am familiar that for some people the issue was caused by the absence/presence of a slash at the end. I tried different ways, which made no effect whatsoever.

const cors = require("cors");
const corsOptions ={
   origin: "https://example.com/", 
   credentials:true,         //access-control-allow-credentials:true
   optionSuccessStatus:200,
};

app.use(cors(corsOptions));

After an intense googling session, I tried configuring cors the following way,** which also did not help**

const cors = require("cors");
app.use(cors());   //also tried including my corsOptions from the previous snippet
app.options('*', cors());

Finally, I tried using a custom middleware presented in this answer, which also did not help.
/a/13148080/20265378