How can I replace Access-Control-Allow-Origin header in proxy response with nginx
this works without extra nginx modules
proxy_hide_header 'access-control-allow-origin';
add_header 'access-control-allow-origin' '*';
The best thing to do would be to change the response on the REST server side, but, assuming you don't have control of the REST server, there is a module for Nginx that can modify headers called ngx_headers_more: https://github.com/openresty/headers-more-nginx-module
You'll have to install the module (this will likely involve building nginx from source and adding the module in ./configure, as described in the github readme). For your specific problem, once you install it you can add this directive in any block
more_set_headers "Access-Control-Allow-Origin: $cors_header"