When I use redirect:

response.headers.location = "https://baidu.com"
response.headers.accessControlAllowOrigin = "*"

but also:

Cross-origin redirection to http://www.baidu.com/ denied by Cross-Origin Resource Sharing policy: Origin https://localhost:9000 is not allowed by Access-Control-Allow-Origin.

Hi,

I'm not really familiar with redirect scenarios when it comes to CORS. You might have to set a few extra headers like:
Access-Control-Allow-Headers and Access-Control-Allow-Methods

Hope that helps!