Hi
Setting the CORS header is a major headache. Most of the time, nothing happens, two headers will be applied or the wrong header will be applied.
I have set a CORS header for nginx (example.com and example2.com for privacy reasons):
add_header 'Access-Control-Allow-Origin'...