I tend to only work in environments where I have full control over the server, so Cross-origin Resource Sharing (CORS) is never really an issue for any of the APIs I have control over, but it is a pervasive problem for APIs and with JSON files I come across on the web. This is one of the reasons I really enjoy the fact that I publish all of my JSON-driven, hacker-storytelling projects using GitHub Pages and Jekyll.
If I am publishing a JSON file publicly on the open Internet, I want it to be accessible from anywhere. CORS has to be default. The speed and agility at which I'm able to ingest and work with APIs, JSON files, and the OpenAPI Spec indexes they contain, sets me up for some serious nimbleness across my work.
If you are working with open data on the web, make sure and consider CORS enablement by default when working with your JSON data on GitHub. It will make your life easier, as well as anyone else who will be looking to consume the valuable data you are putting out there.