Yes, every Discourse site has its own CORS whitelist. I just added
https://webkitsandbox.netlify.app to “Allowed CORS origins” on communities.edgeryders.eu now, so that part should work now.
The installation of James’ forms software is well documented here. About your question it says (emphasis mine):
4. Enable and configure CORS in Discourse
The following steps have to be done in both Discourse instances (SSO provider and SSO client).
[…] Add the CORS origin. Add the domain that will host this Edgeryders Form Vue.js application to the cors_origins setting via the Discourse admin panel.