Am I missing something?

I have this code below:

const microCors = require('micro-cors')
const { send } = require('micro')

const cors = microCors({ origin: 'https://google.com' })

const handler = (req, res) => {
  console.log('> RUN')
  send(res, 200, 'OK')
}

module.exports = cors(handler)

If I make a request in the client-side I receive a cors warning in my console, but still the code inside handler runs, it's not blocked. If I'm not making a request from https://google.com, the code shouldn't run and I should receive a warning in the client-side, right?