I advise the cors module in npm
localhost does not have an origin so you will have to come up with an access key somehow
. But for now, do the following
$ npm install cors
API on the remote server:

const cors = require('cors')
// я не знаю какой фреймворк, делайте следующее
//express js (я знаю тока еxpress)
//до объявления всех обработчиков
app.use(cors())
//если другой фреймворк то схема такая
//в каждом обработчике до получения данных вызовите cors() для разрешения доступа

What to put when asked is up to you. What has to go through the bottleneck is sent out.
More depends on the server. If the request is GET, then the server should look to see if the request has the Origin header: http[s]://localhost[:port] (without / at the end), and if so, mirror it in Access-Control-Allow- origin. If CORS requests can come from a single Origin, then you can indiscriminately set the Access-Control-Allow-Origin header: http[s]://localhost[:port]
For GET, this may already be enough.
For POST and other methods, you already need to implement OPTIONS by responding 204 with the Access-Control-Allow-Origin and Access-Control-Allow-Methods headers, and then provide these headers in the response to the POST itself.
Access-Control-Request-Headers is needed to allow sending non-standard request headers, and Access-Control-Expose-Headers is needed to allow reading