While I agree that he should have some knowledge about the CORS issue, I disagree that it's a backend problem.
It's the engineering/architecture problem. There's no reason why you couldn't build a proxy on the same domain as your front end app and proxy the request to the backend.
It sounds like his interface (API) was built before you even started consuming it. Maybe adding such headers increased the scope of complexity for his API and tests. I don't know the circumstances, but I disagree the fix HAS to be on his end.
It's the engineering/architecture problem. There's no reason why you couldn't build a proxy on the same domain as your front end app and proxy the request to the backend.
It sounds like his interface (API) was built before you even started consuming it. Maybe adding such headers increased the scope of complexity for his API and tests. I don't know the circumstances, but I disagree the fix HAS to be on his end.