I wanted to use SERAPHIM as just a JSON API endpoint but I was running into the CORS issue. I though I had fixed it with the Access-Control-Allow-Origin and company headers but I was still getting a cors blocked error in Firefox.
I realized that Firefox was sending a cors preflight request with the method OPTIONS. This request was what was enabling or disabling cors. I wasn' handling the options request type and so I added that in to SERAPHIM and then I was able to make cross origin requests.
Slowly learning more and more as I implement more sites using SERAPHIM.