CORS error persists in oAuth even after setting header

Okay, so to generate the state param I can use some function/ npm package that can convert my app’s state to encoded string, right?