You shouldn’t need this as allowing * is the current default. Generally CORs issues like this come from the frontend sending improper request headers in which Strapi will only respond with what it can support.
If the request headers don’t match the response headers then frontend stacks will generally throw an error like you are seeing. We will need to do know what you are sending to help.