diff --git a/internal/ingress/controller/template/template.go b/internal/ingress/controller/template/template.go
index 1147c8e5d..ae5ec259a 100644
--- a/internal/ingress/controller/template/template.go
+++ b/internal/ingress/controller/template/template.go
@@ -1680,7 +1680,7 @@ func convertGoSliceIntoLuaTable(goSliceInterface interface{}, emptyStringAsNil b
 
 func buildOriginRegex(origin string) string {
 	origin = regexp.QuoteMeta(origin)
-	origin = strings.Replace(origin, "\\*", "[A-Za-z0-9]+", 1)
+	origin = strings.Replace(origin, "\\*", `[A-Za-z0-9\-]+`, 1)
 	return fmt.Sprintf("(%s)", origin)
 }
 
diff --git a/test/e2e/annotations/cors.go b/test/e2e/annotations/cors.go
index c17eb0b20..64b633173 100644
--- a/test/e2e/annotations/cors.go
+++ b/test/e2e/annotations/cors.go
@@ -425,6 +425,7 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 	ginkgo.It("should allow - matching origin with wildcard origin (2 subdomains)", func() {
 		host := "cors.foo.com"
 		origin := "http://foo.origin.cors.com"
+		origin2 := "http://bar-foo.origin.cors.com"
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/enable-cors":       "true",
 			"nginx.ingress.kubernetes.io/cors-allow-origin": "http://*.origin.cors.com, http://*.origin.com:8080",
@@ -447,6 +448,21 @@ var _ = framework.DescribeAnnotation("cors-*", func() {
 			Expect().
 			Status(http.StatusOK).Headers().
 			ValueEqual("Access-Control-Allow-Origin", []string{origin})
+
+		f.HTTPTestClient().
+			GET("/").
+			WithHeader("Host", host).
+			WithHeader("Origin", origin2).
+			Expect().
+			Headers().ContainsKey("Access-Control-Allow-Origin")
+
+		f.HTTPTestClient().
+			GET("/").
+			WithHeader("Host", host).
+			WithHeader("Origin", origin2).
+			Expect().
+			Status(http.StatusOK).Headers().
+			ValueEqual("Access-Control-Allow-Origin", []string{origin2})
 	})
 
 	ginkgo.It("should not allow - unmatching origin with wildcard origin (2 subdomains)", func() {