You're right, it's the response not the request that gets blocked.
What's even worse, modern browsers will make an OPTIONS "preflight request" if you try to make a non-simple cross-origin request with XHR, whether with or without CORS. The actual GET or POST request might be blocked, but OPTIONS always goes through. So if your webapp doesn't distinguish between GET and OPTIONS, and if your GET actions have side effects, you're in for a nasty surprise!
What's even worse, modern browsers will make an OPTIONS "preflight request" if you try to make a non-simple cross-origin request with XHR, whether with or without CORS. The actual GET or POST request might be blocked, but OPTIONS always goes through. So if your webapp doesn't distinguish between GET and OPTIONS, and if your GET actions have side effects, you're in for a nasty surprise!