diff --git a/src/main/java/com/helpmeCookies/global/security/WebSecurityConfig.java b/src/main/java/com/helpmeCookies/global/security/WebSecurityConfig.java
index b6f6a8d..fbfc56a 100644
--- a/src/main/java/com/helpmeCookies/global/security/WebSecurityConfig.java
+++ b/src/main/java/com/helpmeCookies/global/security/WebSecurityConfig.java
@@ -1,7 +1,5 @@
 package com.helpmeCookies.global.security;
 
-import static org.springframework.security.config.Customizer.*;
-
 import java.util.Arrays;
 
 import org.springframework.context.annotation.Bean;
@@ -42,6 +40,7 @@ public WebSecurityCustomizer configure() {
 
 	@Bean
 	public SecurityFilterChain oauth2SecurityFilterChain(HttpSecurity http) throws Exception {
+		http.cors((cors) -> cors.configurationSource(corsConfigurationSource()));
 		http
 			.securityMatcher("/oauth2/**")
 			.csrf(AbstractHttpConfigurer::disable)
@@ -73,7 +72,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http.csrf(AbstractHttpConfigurer::disable);
 		http.sessionManagement((session) -> session
 			.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
-		http.cors(withDefaults());
+		http.cors((cors) -> cors.configurationSource(corsConfigurationSource()));
 
 		http.authorizeHttpRequests((authorize) ->
 			authorize
@@ -100,6 +99,19 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		return http.build();
 	}
 
+	@Bean
+	public CorsConfigurationSource corsConfigurationSource() {
+		CorsConfiguration configuration = new CorsConfiguration();
+		configuration.setAllowedOrigins(Arrays.asList("http://1.618.s3-website.ap-northeast-2.amazonaws.com","http://localhost:3000"));
+		configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
+		configuration.setAllowedHeaders(Arrays.asList("Authorization", "Content-Type", "X-Requested-With", "accept", "Origin", "Access-Control-Request-Method", "Access-Control-Request-Headers"));
+		configuration.setAllowCredentials(true);
+
+		UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+		source.registerCorsConfiguration("/**", configuration);
+		return source;
+	}
+
 	@Bean
 	public BCryptPasswordEncoder bCryptPasswordEncoder() {
 		return new BCryptPasswordEncoder();