Protecting Routes

I’m trying to protect some routes, I barely know my way around express/node, am working on my first project. I have a Express server running locally and an html page running locally. I’m getting an Error: Not allowed by CORS with the following code snip. I think I’m not whitelisting properly because when I comment out the below and only use app.use(cors()) , everything works.

const whitelist = ['http://127.0.0.1', 'http://127.0.0.1:5001', 'file:///C:/Users/austi/Projects/mynder-express-server/dist/index.html', 'http://localhost:5001', 'localhost:5001', '::1', 'localhost'];

// protecting routes
const corsOptions = {
  origin: (origin, callback) => {
    if (!origin || whitelist.indexOf(origin) !== -1) {
      callback(null, true);
    } else {
      callback(new Error("Not allowed by CORS"));
    }
  },
  optionsSuccessStatus: 200
};

app.use(cors(corsOptions));

Any guidance would be helpful! Thank you