Go to your s3 bucket and go to Permissions and then CORS configuration.
You can edit and paste the following snippet after replacing __PRODUCTION_DOMAIN__ and __LOCAL_DOMAIN__ with the real domains.
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*__PRODUCTION_DOMAIN__</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>HEAD</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
<CORSRule>
<AllowedOrigin>__LOCAL_DOMAIN__</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>HEAD</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>Go to your Cloudfront distribution and then go to Behavior tab select the default and edit.
Make sure Allowed HTTP Methods are GET, HEAD, OPTIONS and Cached HTTP Methods have OPTIONS checked.
Then Cache Based on Selected Request Headers should have whitelist selected.
This should enable to edit the Whitelist Headers.
Access-Control-Request-Headers, Access-Control-Request-Method, Origin should be all whitelisted.
Now an invalidation of the cached files should do the trick. Mind that it may take a few minutes for the cache to expire.