Update: Since publishing this post, the team continued adding Relay-GraphQL features into our app and came to the conclusion using a reverse proxy t0 avoid CORS altogether. A follow up has been posted here about setting up NGINX and serving a single page app painlessly on Heroku. A practical issue we are uncomfortable with is that tokens also sometimes get leaked by error reporting or logging serv
![Killing CORS Preflight Requests on a React SPA - AlphaSights Engineering](https://cdn-ak-scissors.b.st-hatena.com/image/square/20830e1ce289e1c905bb7a33a85172dbde7daae6/height=288;version=1;width=512/https%3A%2F%2Fmiro.medium.com%2Fmax%2F984%2F1%2AZoxflz2SpGOBUrt7t8EsXg.jpeg)