I have client A (https://something.localtest.me:3002) making a request to backend B (https://something.localtest.me:8000/api/some_path).
Backend B responds with a 302 redirecting to client C (https://localtest.me:3006).
I control the code on all 3 systems. However, Chrome is blocking it with the following error:
Access to XMLHttpRequest at 'https://localtest.me:3006/some/path/123?token=blabla' (redirected from 'https://something.localtest.me:8000/api/some_path') from origin 'https://something.localtest.me:3002' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header has a value 'https://something.localtest.me:3002' that is not equal to the supplied origin.
In C I set the Access-Control-Allow-Origin to equal https://something.localtest.me:3002.
Clearly the origin is correct, right? Any idea what I am missing? (Note: I also tried making the Access-Control-Allow-Origin in C equal the backend origin https://something.localtest.me:8000, but that also didn't work.)
EDIT: I've made both B and C allow A and it still doesn't work.
In C I have in the next.config.js:

    async headers() {
      return [
        {
          // ....
          headers: [
            // Each entry is a { key, value } pair
            { key: 'Access-Control-Allow-Origin', value: 'https://something.localtest.me:3002' },
          ],
        },
      ]
    }

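And in B I have:

    from django.http import HttpResponse

    # 302 redirect from B to C, with A's origin allowed on the redirect response
    resp = HttpResponse(status=302)
    resp['Access-Control-Allow-Origin'] = 'https://something.localtest.me:3002'
    resp['Location'] = 'https://localtest.me:3006'

Getting the exact same error.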
Upvotes: 1
Views: 157
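
The following is an added example, not part of the original post: a small model of the Fetch Standard's "redirect-tainted origin" rule and CORS check, run over the three URLs from the question. It shows that after the cross-origin hop from B to C the browser sends `Origin: null`, so an Access-Control-Allow-Origin equal to A's origin no longer matches; the function names are illustrative, and credential handling is reduced to the `*` rule.

```javascript
// Simplified model of two Fetch Standard steps: "redirect-tainted origin" and "CORS check".
const originOf = (u) => new URL(u).origin;

// True once the chain hops between two different origins while the hop's
// source is also cross-origin to the page that started the request.
function hasRedirectTaintedOrigin(requestOrigin, urlList) {
  let last = null;
  for (const url of urlList) {
    if (last !== null &&
        originOf(url) !== originOf(last) &&
        requestOrigin !== originOf(last)) {
      return true;
    }
    last = url;
  }
  return false;
}

// Value sent in the Origin header for the last URL in the chain.
function originHeader(requestOrigin, urlList) {
  return hasRedirectTaintedOrigin(requestOrigin, urlList) ? 'null' : requestOrigin;
}

// Compare the response's Access-Control-Allow-Origin with the serialized origin.
function corsCheck(acao, requestOrigin, urlList, withCredentials = false) {
  if (acao === '*' && !withCredentials) return true;
  return acao === originHeader(requestOrigin, urlList);
}

// URLs taken from the question.
const A = 'https://something.localtest.me:3002';
const B = 'https://something.localtest.me:8000/api/some_path';
const C = 'https://localtest.me:3006/some/path/123?token=blabla';

console.log('Origin sent to B:', originHeader(A, [B]));          // A's origin
console.log('Origin sent to C:', originHeader(A, [B, C]));       // null
console.log('C allows A, via redirect:', corsCheck(A, A, [B, C])); // false
console.log('C allows A, direct call:', corsCheck(A, A, [C]));     // true
console.log('C allows *, via redirect:', corsCheck('*', A, [B, C])); // true
```

In this model only `*` (without credentials) or the literal `null` passes at C after the redirect, and allowing `null` also admits sandboxed and other opaque-origin documents.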