diff --git a/server-profile-submodule b/server-profile-submodule
index cf04207e..633220a8 160000
--- a/server-profile-submodule
+++ b/server-profile-submodule
@@ -1 +1 @@
-Subproject commit cf04207e53f2f66a5b152e5ee0709ceb58f9fdb5
+Subproject commit 633220a8e112175ed1830c0ac9b070242ad52430
diff --git a/src/main/kotlin/com/celuveat/common/adapter/in/rest/CorsConfig.kt b/src/main/kotlin/com/celuveat/common/adapter/in/rest/CorsConfig.kt
index 0634ee92..6b895b4a 100644
--- a/src/main/kotlin/com/celuveat/common/adapter/in/rest/CorsConfig.kt
+++ b/src/main/kotlin/com/celuveat/common/adapter/in/rest/CorsConfig.kt
@@ -1,5 +1,6 @@
 package com.celuveat.common.adapter.`in`.rest
 
+import org.springframework.beans.factory.annotation.Value
 import org.springframework.context.annotation.Configuration
 import org.springframework.http.HttpHeaders.AUTHORIZATION
 import org.springframework.http.HttpMethod.DELETE
@@ -12,10 +13,13 @@ import org.springframework.web.servlet.config.annotation.CorsRegistry
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer
 
 @Configuration
-class CorsConfig : WebMvcConfigurer {
+class CorsConfig(
+    @Value("\${cors.allowed_origins}")
+    private val allowedOrigins: Set<String>,
+) : WebMvcConfigurer {
     override fun addCorsMappings(registry: CorsRegistry) {
         registry.addMapping("/**")
-            .allowedOrigins("http://localhost:3000")
+            .allowedOrigins(*allowedOrigins.toTypedArray())
             .allowedMethods(
                 OPTIONS.name(),
                 GET.name(),