Ok so for anyone else who ends up here, the redirects
syntax:
[[redirects]]
from = "/api/*"
to = "https://api.example.com/:splat"
status = 200
headers = {Access-Control-Allow-Origin = "*"}
is for setting a request header sent to the remote server, not a response header returned to the client.
That makes sense, and it is clear in the docs, I just misinterpreted it.
As for the headers
syntax:
[[headers]]
for = "/api/*"
[headers.values]
Access-Control-Allow-Origin = "*"
I still think this should work, but it seems like Netlify just doesn’t support injecting headers into proxied requests.
It would be good if that was made clear in the docs, or even better, if Netlify could add support for injecting headers to proxied requests.