Can't allow certain files via "_headers"

SIte name: avi12.com
I’m trying to allow the website apps.jeurissen.co access this changelog file, which fails due to the lack of proper CORS configuration.
However, it can access the file when I run a temporary session with netlify dev --live (tested via the Chrome Dev Tools).

My _headers:

/data/extension/youtube-auto-hd/auto-hd-fps-for-youtube-changes.json
  Access-Control-Allow-Origin: https://apps.jeurissen.co

For a reference, this is the code I ran in the console to test:

const response = await fetch("https://avi12.com/data/extension/youtube-auto-hd/auto-hd-fps-for-youtube-changes.json");
await response.json();
// The browser would throw an error

It seems like I solved it by adding to netlify.toml:

[[headers]]
for = "/data/extension/youtube-auto-hd/auto-hd-fps-for-youtube-changes.json"
[headers.values]
Access-Control-Allow-Origin = "https://apps.jeurissen.co"

EDIT:
While it did solve the issue for fetching that specific file, now the user cannot enter the website’s products, as the URLs are resolved by the client

EDIT 2:
It seems like the issue is fixed - both the JSON can be fetched in the aforementioned site, and the server-side routing to /index.html is working

netlify.toml:

[build]
  base = "/"
  publish = "dist"
  command  = "yarn build"
  functions = "functions"

[[headers]]
  for = "/data/extension/youtube-auto-hd/auto-hd-fps-for-youtube-changes.json"
[headers.values]
  Access-Control-Allow-Origin = "https://apps.jeurissen.co"

[[redirects]]
  from = "/api/*"
  to = "/.netlify/functions/:splat"
  status = 200

[[redirects]]
  from = "/*"
  to = "/index.html"
  status = 200