Laravel 8 CORS - Dynamically Set allowed_origins from database whitelist
I am building a SaaS platform that requires a (growing) whitelist of domains to be able to access it.
I understand that CORS should not be considered a foolproof security technique (as anyone can spoof the Origin header in cURL etc.).
Without going into full detail, the data being submitted to my API will be from publicly viewable embedded forms. My use case is to try to prevent the average user from abusing / spamming my API.
Basically, in Laravel 8 we have, within cors.php, the following setting:
'allowed_origins' => ['*'],
What I need to be able to do, in pseudocode terms, is this:
'allowed_origins' => Whitelist::all()->pluck('domain')->toArray(),
Is there an easy way to do this, or am I going to have to override the Vendor/Fruitcake handle code?
The whitelist of domains has to come from the database or cached memory. A hard-coded config file will not work, as the list will continue to grow.
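One way to do what the question asks, as an added example that is not part of the original post or of the CORS package: a service provider that overrides `cors.allowed_origins` at runtime from a cached database list. The provider name, cache key, five-minute TTL and `https://` prefix are assumptions, as is the CORS middleware reading `config('cors')` only after providers have booted.

```php
<?php
// app/Providers/CorsWhitelistServiceProvider.php (hypothetical provider name)

namespace App\Providers;

use App\Models\Whitelist; // model from the question; assumed to have a `domain` column
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\ServiceProvider;

class CorsWhitelistServiceProvider extends ServiceProvider
{
    public const CACHE_KEY = 'cors.allowed_origins'; // hypothetical cache key

    public function boot(): void
    {
        // Skip artisan commands so migrations can run before the table exists.
        if ($this->app->runningInConsole()) {
            return;
        }

        // Cache the list (300 s, an assumed TTL) so requests do not hit the database.
        $origins = Cache::remember(self::CACHE_KEY, 300, function () {
            return Whitelist::query()->pluck('domain')
                ->map(function ($domain) {
                    return self::toOrigin((string) $domain);
                })
                ->filter()->unique()->values()->all();
        });

        // Replace the static ['*'] from config/cors.php with exact origins only.
        config(['cors.allowed_origins' => $origins]);
    }

    // Convert a stored hostname into the exact Origin string a browser sends.
    // Returns null for wildcards, URLs, paths or ports, so a bad row in the
    // table can never widen the allow-list.
    public static function toOrigin(string $domain): ?string
    {
        $host = strtolower(trim($domain));
        if ($host === '' || filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) === false) {
            return null;
        }

        return 'https://' . $host; // assumption: every embedding site is served over HTTPS
    }
}
```

Register the provider in `config/app.php`, and call `Cache::forget(CorsWhitelistServiceProvider::CACHE_KEY)` whenever a whitelist row is created, changed or deleted so that removals take effect before the TTL expires.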