With the hype on REST API, not providing a way to toggle CORS, seems to be a big miss from Flywheel.
It there any chance you are going to add this feature without suggesting users to play with the configuration files (provided that it’s even possible) every time they need this feature?
Accessing the API from the same site is not a problem and won’t cause any CORS issue.
I was trying to develop the REST client as a separate ReactJS app, using webpack-dev-server which creates a simple web server for development purposes in localhost:8080.
Now I’m developing the client as part of the same site (basically, as a feature plugin which has both the client and server logic), so everything runs on the same server.
However, this is not the ideal environment for me, as I prefer isolating the two things: the ReactJS does not need the WP site to run, except for when calling the REST API, for which I have the CORS problem.