Simple CorsFeature question

Is there any way to specify all headers and all methods are allowed in the CorsFeature? I’ve had a good look and can’t see anything mentioning this. I’d like to do something similar to the aspnet core methods CorsPolicyBuilder.AllowAnyHeader() and CorsPolicyBuilder.AllowAnyMethod().

I’ve tried to use an asterisk but that didn’t seem to work. I’d also understand if it wasn’t allowed to promote an explicit allowed list as a best practice.

Uses the expected * wildcard:

Likewise for AllowAnyMethod().

Here’s the defaults for CorsFeature:

Specifying an explicit whitelist for allowOrigins is preferred in order to reply with an explicit Access-Control-Alow-Origin header but I’ve not heard of the other headers requiring explicit lists.