Im on production trying to use google auth 2.0 with passport on my express js backend.

origin: function(origin, callback) {
 if (!origin || allowedOrigins.includes(origin)) {
   callback(null, origin); // Return the specific origin, not a wildcard
 } else {
   callback(new Error('Not allowed by CORS policy'));
 }
},
credentials: true,
methods: ['GET', 'POST', 'OPTIONS'],
allowedHeaders: ['Content-Type', 'Authorization', 'Accept'],
exposedHeaders: ['Set-Cookie']
}));

on my protected route (frontend) I fetch check-auth

          credentials: 'include', 
          method: 'GET',
          headers: {
            'Content-Type': 'application/json',
          },
        });   ````

and I get a cors error ```Access to fetch at '' from origin '' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.```

pulled my hair for 12 hours now ! nothing worked 

login logic: I git api/v1/auth - > backend redirects to google -> callback url is dashboard that is a protected route and on protected route we check-auth 

Thank you for your help :)