diff --git a/src/main/java/com/runningmate/backend/config/SecurityConfiguration.java b/src/main/java/com/runningmate/backend/config/SecurityConfiguration.java
index 6e53e6d..4aaf49e 100644
--- a/src/main/java/com/runningmate/backend/config/SecurityConfiguration.java
+++ b/src/main/java/com/runningmate/backend/config/SecurityConfiguration.java
@@ -13,6 +13,7 @@
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
@@ -39,8 +40,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                         httpBasic.disable())
                 .csrf((csrf) ->
                         csrf.disable())
-                .cors((cors) ->
-                        cors.disable())
+                .cors(Customizer.withDefaults())
                 .sessionManagement((sessionManagement) ->
                         sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                 .authorizeHttpRequests(((authorizeRequest) ->
diff --git a/src/main/java/com/runningmate/backend/config/WebConfig.java b/src/main/java/com/runningmate/backend/config/WebConfig.java
new file mode 100644
index 0000000..966d1a6
--- /dev/null
+++ b/src/main/java/com/runningmate/backend/config/WebConfig.java
@@ -0,0 +1,18 @@
+package com.runningmate.backend.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class WebConfig implements WebMvcConfigurer {
+
+    @Override
+    public void addCorsMappings(CorsRegistry registry) {
+        registry.addMapping("/**")
+                .allowedOrigins("*")  // Allow all origins
+                .allowedMethods("*")  // Allow all methods (GET, POST, etc.)
+                .allowedHeaders("*") // Allow all headers
+                .allowCredentials(true);
+    }
+}