[BUG] Assets are missing CORS headers (access-control-allow-origin)

[SamyPesse]

Describe the bug

We use assetPrefix to serve the static assets from a single domain for our multi-domain application.

When deploying Next.js to Vercel, access-control-allow-origin: * is being returned to HEAD requests to the assets.
When deploying with OpenNext on Cloudflare, no such header is returned. It prevents our client side from fetching certain resources stored as assets.

Steps to reproduce

1. Store a file in the public/ directory
2. Set assetPrefix to a custom domain also configured on the Cloudflare Worker
3. Deploy the application with OpenNext on the Cloudflare Worker
4. Try loading the assets from the client side from the other domain
5. Notice it fails with a CORS error

Expected behavior

OpenNext should set a access-control-allow-origin: * on these assets, similar to how Vercel does

@opennextjs/cloudflare version

1.0.0-beta.3

Wrangler version

3.112.0

next info output

No relevant here

Additional context

No response

[SamyPesse]

Related to this, it looks like the headers configuration is not working when applied on static assets (also related to #107). OpenNext doesn't generate a _headers file like next-on-pages was doing (https://github.com/cloudflare/next-on-pages/blob/3d84ab0096258febb88193c4b9d269ecbaf1b19b/packages/next-on-pages/src/buildApplication/buildMetadataFiles.ts#L47-L55).

By creating a custom _headers file in the public directory, I was able to work around the problem.

[conico974]

headers are not applied to static assets at the moment, we'd need to implement this opennextjs/opennextjs-aws#707 for it to work.
I don't think we should create this file automatically from the headers config, it will lack too much of the options in headers like has or missing.

I guess for now we could just add something in the docs about that