How to protect HTTP requests coming from mobile from CORS attacks?

HTTP request coming from mobile comes from localhost domain, however White Listing localhost in backend open up chances for CORS attacks. How to secure or filter HTTP request coming from mobile devices?