diff --git a/src/main/java/com/travelcompass/api/global/config/WebSecurityConfig.java b/src/main/java/com/travelcompass/api/global/config/WebSecurityConfig.java
index a917c93..fe7a10f 100644
--- a/src/main/java/com/travelcompass/api/global/config/WebSecurityConfig.java
+++ b/src/main/java/com/travelcompass/api/global/config/WebSecurityConfig.java
@@ -12,6 +12,11 @@
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.access.intercept.AuthorizationFilter;
 import lombok.RequiredArgsConstructor;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Arrays;
 
 @RequiredArgsConstructor
 @Configuration
@@ -63,4 +68,14 @@ protected SecurityFilterChain securityFilterChain(
 
         return http.build();
     }
+
+    @Bean
+    CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+        configuration.setAllowedOrigins(Arrays.asList("http://localhost:3000", "https://travel-compass.netlify.app"));
+        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+        return source;
+    }
 }
\ No newline at end of file