CORS

How to avoid CORS error when authorizing VK when api and front are different domains?

Front on the Vue
API on Laravel
For authorization, plugins are used: vue-social-auth (for the front) and laravel/socialite (for the back)

At the second step, when the code received from VK is sent to the back, the following error occurs:

Access to XMLHttpRequest at 'https://oauth.vk.com/authorize?client_id=7657013&redirect_uri=https%3A%2F%2Fshare.f7race.haval.ru%2Fapi%2Flogin%2Fvkontakte%2Fcallback&scope=email&response_type=code' (redirected from 'https://api.some-domain.ru/api/auth/login/vkontakte') from origin 'https://some-domain.ru' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

The code is executed on the production server. No localhosts.
Other API requests from the front to the back are executed without such errors.