diff --git a/src/main/java/com/example/parking/config/WebMvcConfig.java b/src/main/java/com/example/parking/config/WebMvcConfig.java
index 7ed2259c..36da6a9c 100644
--- a/src/main/java/com/example/parking/config/WebMvcConfig.java
+++ b/src/main/java/com/example/parking/config/WebMvcConfig.java
@@ -6,6 +6,7 @@
 import io.swagger.v3.oas.models.PathItem;
 import java.util.List;
 import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.method.support.HandlerMethodArgumentResolver;
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
@@ -19,6 +20,9 @@ public class WebMvcConfig implements WebMvcConfigurer {
     private final AuthInterceptor authInterceptor;
     private final AuthArgumentResolver authArgumentResolver;
 
+    @Value("${cors.allowedOrigins}")
+    private String[] allowedOrigins;
+
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
         registry.addInterceptor(authInterceptor)
@@ -40,8 +44,7 @@ public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers)
     @Override
     public void addCorsMappings(CorsRegistry registry) {
         registry.addMapping("/**")
-                // todo 수정 필요
-                .allowedOrigins("*")
+                .allowedOrigins(allowedOrigins)
                 .allowedMethods(
                         PathItem.HttpMethod.OPTIONS.name(),
                         PathItem.HttpMethod.GET.name(),
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 614ab88b..ec3a02f9 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -29,3 +29,7 @@ kakao:
   key: ${KAKAO_API_KEY:kakao}
 seoul-public-parking-key: ${SEOUL_API_KEY:seoul}
 pusan-public-parking-key: ${PUSAN_API_KEY:pusan}
+
+# Allow origin
+cors:
+  allowedOrigins: ${ORIGIN:http://localhost:3000}
diff --git a/src/test/resources/application.yml b/src/test/resources/application.yml
index 639fdc28..dfcd4b4d 100644
--- a/src/test/resources/application.yml
+++ b/src/test/resources/application.yml
@@ -38,3 +38,6 @@ pusan-public-parking-key: test
 
 authcode:
   expired-time: 60
+
+cors:
+  allowedOrigins: http://localhost:3000