My app's architecture is as follows:

DB: MongoDB (Mongoose)
Backend: Express server hosted on Railway (or localhost:3000)
Frontend: React (Vite) site hosted on Render (or localhost:5173)

It's a basic blog app, with blog posts & comments.

All CRUD operations are working correctly, I can post blogs, add and delete comments, etc.

The authentication is done via PassportJS on the Express app, using JWT & Passport "local strategy". It works fine, users can sign up with an email, log in to create some posts, log out, etc.

In summary, up till now, everything works fine. But I want to implement "Sign in with Google", still using Passport, via the "passport-google-oauth2" strategy.

After setting up the prerequisites, no when I click on "Sign in with Google", I get a CORS error:

"Access to fetch at 'https://accounts.google/....com' (redirected from 'https://myExpressAPI.com') from origin 'https://myReactApp.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource".

I already have cors set up on my Express app (or else it wouldn't be working in the first place), with use(cors({origin: https://myReactApp.com}))

I have been trying countless different settings and attempts while reading SO answers, but nothing seems to work. And I can't find anything specific on the Google dev documents for google auth.

So if anyone has already set up a sign in with Google authentication, any help would be appreciated.

Thanks,