diff --git a/src/main/java/io/oeid/mogakgo/core/configuration/SecurityConfig.java b/src/main/java/io/oeid/mogakgo/core/configuration/SecurityConfig.java
index 9c6286af..88cab87c 100644
--- a/src/main/java/io/oeid/mogakgo/core/configuration/SecurityConfig.java
+++ b/src/main/java/io/oeid/mogakgo/core/configuration/SecurityConfig.java
@@ -5,6 +5,7 @@
 import io.oeid.mogakgo.domain.auth.jwt.JwtAuthenticationFilter;
 import io.oeid.mogakgo.domain.auth.oauth.GithubOAuth2UserService;
 import io.oeid.mogakgo.domain.auth.oauth.OAuth2AuthenticationSuccessHandler;
+import java.util.Collections;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -17,6 +18,7 @@
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
 
 @EnableWebSecurity
 @Configuration
@@ -44,6 +46,15 @@ public SecurityConfig(GithubOAuth2UserService oAuth2UserService,
 SecurityFilterChain filterChainApi(HttpSecurity http) throws Exception {
 configureCommonSecuritySettings(http);
 return http
+ .cors(corsCustomizer -> corsCustomizer.configurationSource(request -> {
+ CorsConfiguration config = new CorsConfiguration();
+ config.setAllowedOrigins(Collections.singletonList("*"));
+ config.setAllowedMethods(Collections.singletonList("*"));
+ config.setAllowCredentials(true);
+ config.setAllowedHeaders(Collections.singletonList("*"));
+ config.setMaxAge(3600L); //1시간
+ return config;
+ }))
 .securityMatchers(matchers -> matchers.requestMatchers("/api/**"))
 .sessionManagement(
 management -> management.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
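Review bot: In the `.cors(...)` lambda added to `filterChainApi`, `config.setAllowedOrigins(Collections.singletonList("*"))` is combined with `config.setAllowCredentials(true)`, a pair that browsers do not honour for credentialed requests and that current Spring Framework versions reject when the configuration is validated, so cross-origin calls to `/api/**` are likely to fail rather than be permitted. Replacing it with a wildcard origin pattern would make it work but would let any website issue credentialed requests to the API, and the common settings also disable CSRF protection. I would instead use an explicit allowlist, for example `config.setAllowedOrigins(allowedOrigins);` where `allowedOrigins` (placeholder name) is a list of the known front-end origins injected from application configuration. If the JWT is only ever sent in the `Authorization` header (not visible in this hunk), `setAllowCredentials(true)` can probably be dropped. The body of `filterChainApi` continues outside the hunk.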
@@ -71,7 +82,6 @@ public SecurityFilterChain filterChainOAuth2(HttpSecurity http) throws Exception
 private void configureCommonSecuritySettings(HttpSecurity httpSecurity) throws Exception {
 httpSecurity
 .httpBasic(AbstractHttpConfigurer::disable)
- .cors(AbstractHttpConfigurer::disable)
 .csrf(AbstractHttpConfigurer::disable)
 .formLogin(AbstractHttpConfigurer::disable)
 .rememberMe(AbstractHttpConfigurer::disable)