Is it possible to send back "access-control-allow-origin: *" using corsPolicy

I tried using

corsPolicy:
      allowOrigins:
      - exact: "*"

or

corsPolicy:
      allowOrigins:
      - regex: ".*"

I do get whatever Origin header name back as value of access-control-allow-origin, but our goal is to get the value “*” for some specific URLs.
Is it possible with corsPolicy?

Thanks!