Feel free to edit the NGINX config page, because I have the solution. And it's rather important for all those wanting to use pihole with NGINX.
Bumped into this issue before, with nextcloud. It's related to the position of wide open CORS in the location directive. CORS headers should be set last, or they'll be re-defined using php.
Here's my (example) successful NGINX config for pi-hole, including all the include files and the core nginx.conf:
Note where the include CORS is set in the php location directive.