XMLHttpRequest error when updating document, but CORS should be enabled

When I try to update a record I get these CORS errors:

Cross origin requests are only supported for HTTP.  XMLHttpRequest cannot load localhost:3000/api/adverts/5bf2b76c38c88dd144e5d4c3 due to access control checks. 

In create.component.ts:

  onSaveAdvert(form: NgForm){     if (form.invalid) {       console.log("fail");       return;     }     console.log(form.value.title);     this.advertService.updateAdvert(this.id, form.value.title, form.value.content, form.value.make, form.value.model, form.value.color, form.value.price, form.value.milage, form.value.doors, form.value.year, null);     console.log("succes");     form.resetForm();   } 

Update function in advert.service.ts:

  updateAdvert(id: string, title: string, content: string, make: string, model: string, color: string, price: number, milage: number, doors: number, year: number, addedOn: any){     const advert: Advert = {_id: id, title: title, content: content, make: make, model: model, color: color, price: price, milage: milage, doors: doors, year: year, addedOn: null};     this.http.put("localhost:3000/api/adverts/" + id, advert)       .subscribe(response => console.log(response));   } 

Express endpoint in app.js:

    app.put("/api/adverts/:id", (req, res, next)=>{     const advert = new Advert({         _id: req.body.id,         title: req.body.title,         content: req.body.content,         make: req.body.make,         model: req.body.model,         color: req.body.color,         price: req.body.price,         milage: req.body.milage,         doors: req.body.doors,         year: req.body.year     })     Advert.updateOne({_id: req.params.id}, advert).then(result => {         console.log(result);         res.status(200).json({message: "succesful"});     }); }); 

Setting Headers in app.js:

app.use((req, res, next) => {      res.setHeader("Access-Control-Allow-Origin", "localhost:3000");     res.setHeader(         "Access-Control-Allow-Headers",         "Origin, X-Requested-With, Content-Type, Accept"     );     res.setHeader(         "Access-Control-Allow-Methods",         "GET, POST, PATCH, PUT, DELETE, OPTIONS"     );     next(); }); 

It seems to be a CORS problem, but I can GET, POST and DELETE records in the database, but updating throws these errors.