There is no need to configure the cors middleware because by default the middleware should set the CORS headers (Including Access-Control-Allow-Origin : * ).
The problem is the Strapi itself. “No CORS Headers” is a reported and confirmed bug: Issue#14357.
And surprisingly looks like no one is caring about this Major bug rendering cors middleware completely useless. Let’s hope they fix this ASAP !!