diff --git a/dateroad-api/src/main/java/org/dateroad/auth/config/SecurityConfig.java b/dateroad-api/src/main/java/org/dateroad/auth/config/SecurityConfig.java
index a57fabc7..2420e921 100644
--- a/dateroad-api/src/main/java/org/dateroad/auth/config/SecurityConfig.java
+++ b/dateroad-api/src/main/java/org/dateroad/auth/config/SecurityConfig.java
@@ -1,5 +1,6 @@
 package org.dateroad.auth.config;
+import java.util.List;
 import lombok.RequiredArgsConstructor;
 import org.dateroad.auth.exception.ExceptionHandlerFilter;
 import org.dateroad.auth.exception.JwtAuthenticationEntryPoint;
@@ -14,6 +15,9 @@
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 @RequiredArgsConstructor
 @EnableWebSecurity
@@ -38,6 +42,7 @@ public class SecurityConfig {
 public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
 return httpSecurity
 .csrf(AbstractHttpConfigurer::disable)
+ .cors(cors-> cors.configurationSource(corsConfigurationSource()))
 .formLogin(AbstractHttpConfigurer::disable)
 .httpBasic(AbstractHttpConfigurer::disable)
 .sessionManagement(sessionManagementConfigurer -> 
@@ -55,6 +60,24 @@ public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Excepti
 .addFilterBefore(exceptionHandlerFilter, JwtAuthenticationFilter.class)
 .build();
 }
+ @Bean
+ protected CorsConfigurationSource corsConfigurationSource() {
+ UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ source.registerCorsConfiguration("/**", getDefaultCorsConfiguration());
+
+ return source;
+ }
+
+ private CorsConfiguration getDefaultCorsConfiguration() {
+ CorsConfiguration configuration = new CorsConfiguration();
+ configuration.setAllowedOriginPatterns(List.of("*"));
+ configuration.setAllowedHeaders(List.of("*"));
+ configuration.setAllowedMethods(List.of("*"));
+ configuration.setAllowCredentials(true);
+ configuration.setMaxAge(3600L);
+
+ return configuration;
+ }
 @Bean
 public WebSecurityCustomizer webSecurityCustomizer() {
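Review bot: `setAllowedOriginPatterns(List.of("*"))` combined with `setAllowCredentials(true)` in getDefaultCorsConfiguration allows any website to send credentialed cross-origin requests to every path (`/**`) and read the responses, because a `*` pattern makes Spring echo the caller's Origin back; using the pattern API is also what avoids the startup check that rejects `*` in `setAllowedOrigins` when credentials are allowed. Since filterChain disables CSRF protection, this policy becomes the only browser-side boundary if the API ever accepts a cookie or other ambient credential. I would pin the origins to the known front ends, e.g. `configuration.setAllowedOrigins(List.of("https://app.example.invalid"));` (placeholder value, ideally read from configuration), and drop `setAllowCredentials(true)` if the JWT is only ever sent in the `Authorization` header, which the diff does not show. The wildcard `setAllowedMethods` and `setAllowedHeaders` could likewise be narrowed to what the API actually uses.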