Using wildcars within allowed_request_origins

Hi, we are using deploy previews for our PRs, and each one has its own subdomain.

Is it possible to use wildcards within the allowed_request_origins property?

Ideally we should be able to set something like https://*

No one? How do people work around this? No one uses deploy previews? People use deploy previews and just add allowed origins manually?