diff --git a/internal/middlewares/cors.go b/internal/middlewares/cors.go
index b3470b1..c7752ef 100644
--- a/internal/middlewares/cors.go
+++ b/internal/middlewares/cors.go
@@ -11,8 +11,8 @@ import (
 func CORSMiddleware() gin.HandlerFunc {
 	logger.Info.Print("Applying CORS")
 	return cors.New(cors.Config{
-		AllowOrigins: []string{config.BaseURL, "http://localhost:8080"}, // Add your frontend URL(s)
-		AllowMethods: []string{"GET", "POST"},                           // "PUT", "PATCH", "DELETE", "OPTIONS"},
+		AllowOrigins: []string{config.Site.AllowOrigins},
+		AllowMethods: []string{"GET", "POST"}, // "PUT", "PATCH", "DELETE", "OPTIONS"},
 		AllowHeaders: []string{"Origin", "Content-Type", "Accept", "Authorization", "X-Requested-With"},
 		// ExposeHeaders:    []string{"Content-Length"},
 		AllowCredentials: true,
diff --git a/internal/middlewares/cors_test.go b/internal/middlewares/cors_test.go
index 7d12ff5..e88a507 100644
--- a/internal/middlewares/cors_test.go
+++ b/internal/middlewares/cors_test.go
@@ -69,10 +69,10 @@ func TestCORSMiddleware(t *testing.T) {
 	}{
 		{
 			name:           "Allowed origin",
-			origin:         config.BaseURL,
+			origin:         config.Site.AllowOrigins,
 			expectedStatus: http.StatusOK,
 			expectedHeaders: map[string]string{
-				"Access-Control-Allow-Origin":      config.BaseURL,
+				"Access-Control-Allow-Origin":      config.Site.AllowOrigins,
 				"Content-Type":                     "text/plain; charset=utf-8",
 				"Access-Control-Allow-Credentials": "true",
 			},