Set access-control-allow-origin header on font files

I’m trying to add an access-control-allow-origin header for the font files on my site so they can be accessed by an external site.
My app is a Remix app which only lets me set headers for routes of the app with HTML of some kind, not direct file links.
I also don’t want to use an asterisk, I would prefer to set multiple domains as a whitelist.
Is it possible to set this on Fly or do I need to upload them to a separate CDN?

You can’t set Cache-Control directly on Fly, but you might be able to customize Remix to do it, like it’s done here: at 5fc80afdadd686480714478eea36cde131166e0e · kentcdodds/ · GitHub

Thanks @jsierles. I did some investigating after your comment to see why I couldn’t do as that example showed, it seems that the starter for Remix and the version used on are different, the first using remix serve, and the second using express. It’s express that adds the functionality to do as per that example, and it doesn’t seem to be possible with remix serve.