Unable to combine RewriteRule and Header set

Question

Trying to implement the following:

RewriteRule \.ttf$ - [E=cors:1]
Header set Access-Control-Allow-Origin "*.example.com" env=cors:1
Header set Access-Control-Allow-Origin "*.sadface.com" env=!cors:1 

Then requesting:

$ curl -I http://www.example.com/font.ttf
...
Access-Control-Allow-Origin: *.sadface.com

UPDATE

Thanks to Jenny D I've figured out that the rewrite rules elsewhere were doing a local redirect to index.php so I've modified to the following:

# Set CORS domain for fonts.
RewriteCond %{QUERY_STRING} \.ttf
RewriteRule ^(.*)$ $1 [E=cors:1]
Header set Access-Control-Allow-Origin "*.example.com" env=cors:1
Header set Access-Control-Allow-Origin "*.sadface.com" env=!cors:1

This provides the following log entry:

RewriteCond: input='q=font.ttf' pattern='\\.ttf' => matched

Despite this however I'm still getting Access-Control-Allow-Origin: *.sadface.com

UPDATE 2:

Looks like env=cors:1 isn't doing what I expect, changing to the following fixed the issue:

Header set Access-Control-Allow-Origin "*.example.com" env=cors

Answer 1

Due to being a Drupal site, all non-file/directory requests were redirecting to index.php?q=$1. I instead needed to evaluate the query string, as per the following:

# Set CORS domain for fonts.
RewriteCond %{QUERY_STRING} \.ttf
RewriteRule ^(.*)$ $1 [E=cors:1]
Header set Access-Control-Allow-Origin "*.example.com" env=cors