I am making an authorization part of app, where the frontend is being run on ip1, while backend is on ip2, which is written using NestJS

Here is the code of main.ts file in my backend

 const file = readFileSync(
    path.join(os.homedir(), '.local/folder/folder/iplist.txt'),
    'utf-8',
  );
  const whitelist = file.split('\n');
  app.enableCors({
    origin: function (origin, callback) {
      if (whitelist.indexOf(origin) !== -1) {
        console.log('allowed cors for:', origin);
        callback(null, true);
      } else {
        console.log('blocked cors for:', origin);
        callback(new Error('Not allowed by CORS'));
      }
    },
    allowedHeaders:
      'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept, Observe',
    methods: 'GET,PUT,POST,DELETE,UPDATE,OPTIONS',
    credentials: true,
  });
  app.use(cookieParser());
  app.useGlobalPipes(
    new ValidationPipe({
      whitelist: true,
    }),
  );

Basically, what it does, is reading a file with IPs and then making an array of whitelist ips, allowing those with cors.

When setting the cookie, this is what I do:

const domain = request.headers.origin.slice(7).split(':')[0];
response
      .cookie('access_token', await this.authService.signIn(dto), {
        httpOnly: true,
        domain: domain,
        sameSite: 'lax',
        expires: new Date(Date.now() + 1000 * 60 * 10),
      })

This approach gives me the following error: Set-Cookie was blocked because its Domain attribute was invalid with regards to the current host url