Hi, I’ve added Access-Control-Allow-Origin = "*" to a few asset folders on our site (id: mdsite) but they simply refuses to get set. Other headers gets applied correctly, but no this one … the one for /fonts/* which I added a long time back, seems to work though. On a test netlify account pointing to another branch of the same repo, I also tried setting it in a _headers file, but no success with that either … the netlify.toml gets read correctly according to the build logs. Clear cache + build doesn’t help either. How can I fix this?
[[headers]]
for = "/*"
[headers.values]
Referrer-Policy = "same-origin"
X-Content-Type-Options = "nosniff"
X-Frame-Options = "DENY"
X-XSS-Protection = "1; mode=block"
[[headers]]
for = "/data/*"
[headers.values]
Access-Control-Allow-Origin = "*"
[[headers]]
for = "/fonts/*"
[headers.values]
Access-Control-Allow-Origin = "*"