AWS Lambda Function URL CORS not filtering origins

I created a lambda function, the backend is working perfectly, once we created the function URL with permission lambda:invokeFunctionUrl everything was working fine as well, but we tried to limit origins using CORS configuration, it seems if you try to filter out origins, it doesn't work, even if we have CORS activated, we can make requests from any other origin. Does anyone knows how to apply CORS in this case? I've seen a tons of examples but they all used "*" a wildcard to accept every origin, which is not safe at all. Haven't been able to see any working example It seems CORS isn't considered, in the following response we curl from a remote server that is not considered in the origin ( access-control-allow-origin: https://now-u-test.myshopify.com )

* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Wed, 19 Oct 2022 02:53:00 GMT
< Content-Type: application/json
< Content-Length: 1069
< Connection: keep-alive
< x-amzn-RequestId: dd02808b-ace6-4a6f-91ff-f03080e31b39
< access-control-allow-origin: https://now-u-test.myshopify.com
< access-control-allow-headers: Content-Type
< access-control-allow-methods: OPTIONS,POST,GET
< X-Amzn-Trace-Id: root=1-634f668c-7b7c368d28a3c35335946d59;sampled=0
<
* Connection #0 to host 2gxwnzl5cj7uqre4ns5fsfsa5e0ypxog.lambda-url.us-east-2.on.aws left intact