CORS Preflight is returning 405

Every time I make a request from an external URL, and CORS preflight is in play, I get the following error in the Developer Console:

Access to fetch at '' from origin '' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Ideally we can set this once and be done - setting it on each vs will cause complications for us.

From Kiali, it looks like the request hits the ingress-gateway, but is blocked by the end service.