diff --git a/src/main/java/com/yello/server/domain/authorization/configuration/SecurityConfiguration.java b/src/main/java/com/yello/server/domain/authorization/configuration/SecurityConfiguration.java
index 14bc887d..058e9b07 100644
--- a/src/main/java/com/yello/server/domain/authorization/configuration/SecurityConfiguration.java
+++ b/src/main/java/com/yello/server/domain/authorization/configuration/SecurityConfiguration.java
@@ -8,6 +8,7 @@
 import com.yello.server.domain.authorization.service.TokenProvider;
 import com.yello.server.domain.user.repository.UserRepository;
 import com.yello.server.global.exception.ExceptionHandlerFilter;
+import java.util.Arrays;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -16,6 +17,9 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
 @Configuration
 @EnableWebSecurity
@@ -27,6 +31,17 @@ public class SecurityConfiguration {
     private final TokenProvider tokenProvider;
     private final UserRepository userRepository;
 
+    @Bean
+    CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+        configuration.setAllowedOrigins(Arrays.asList("*"));
+        configuration.setAllowedMethods(Arrays.asList("*"));
+        configuration.setAllowedHeaders(Arrays.asList("*"));
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+        return source;
+    }
+
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
         return httpSecurity
@@ -37,7 +52,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws
                 httpSecurityCsrfConfigurer.disable();
             })
             .cors(httpSecurityCorsConfigurer -> {
-                httpSecurityCorsConfigurer.disable();
+                httpSecurityCorsConfigurer.configurationSource(corsConfigurationSource());
             })
             .authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
                 authorizationManagerRequestMatcherRegistry