How can I replace Access-Control-Allow-Origin header in proxy response with nginx

this works without extra nginx modules

proxy_hide_header 'access-control-allow-origin';
add_header 'access-control-allow-origin' '*';

The best thing to do would be to change the response on the REST server side, but, assuming you don't have control of the REST server, there is a module for Nginx that can modify headers called ngx_headers_more: https://github.com/openresty/headers-more-nginx-module

You'll have to install the module (this will likely involve building nginx from source and adding the module in ./configure, as described in the github readme). For your specific problem, once you install it you can add this directive in any block

more_set_headers "Access-Control-Allow-Origin: $cors_header"