Every time I make a request from an external URL, and CORS preflight is in play, I get the following error in the Developer Console:
Access to fetch at 'https://my-endpoint.net/foo' from origin 'https://my-other-endpoint.net' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Ideally we can set this once and be done - setting it on each vs will cause complications for us.