diff --git a/.env.sample b/.env.sample
index 1182794..0c6c2ef 100644
--- a/.env.sample
+++ b/.env.sample
@@ -28,7 +28,7 @@ DEBUG=True
 APP_TITLE=MokPyo
 APP_VERSION=1.0.0
 APP_DESCRIPTION=MokPyo
-APP_DOMAIN=localhost
+APP_DOMAIN=localhost # change in production with your domain (ex: mokpyo.com)
 
 # =========================
 # SERVER CONFIGURATION
diff --git a/app/core/config.py b/app/core/config.py
index e4e4d3f..f04bffb 100644
--- a/app/core/config.py
+++ b/app/core/config.py
@@ -70,6 +70,10 @@ class Settings(BaseSettings):
     def database_url(self) -> str:
         return f"mysql+<driver>://{self.DATABASE_USER}:{self.DATABASE_PASSWORD}@{self.DATABASE_HOST}:{self.DATABASE_PORT}/{self.DATABASE_NAME}"
 
+    @property
+    def app_url(self) -> str:
+        return f"{'https' if settings.USE_SSL else 'http'}://{settings.APP_DOMAIN}{':' + str(settings.PORT) if (settings.PORT != 80 and settings.ENV == 'dev') else ''}"
+
     @property
     def access_token_expire(self) -> timedelta:
         return timedelta(minutes=self.ACCESS_TOKEN_EXPIRE_MINUTES)
diff --git a/app/main.py b/app/main.py
index 5bfd13a..f8048b3 100644
--- a/app/main.py
+++ b/app/main.py
@@ -1,5 +1,6 @@
 from fastapi import FastAPI
 from fastapi.responses import ORJSONResponse, JSONResponse, FileResponse
+from fastapi.middleware.cors import CORSMiddleware
 from fastapi.staticfiles import StaticFiles
 from pathlib import Path
 
@@ -22,6 +23,14 @@ app = FastAPI(
     redoc_url=None if settings.ENV == "prod" else "/redoc",
 )
 
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=[settings.app_url],
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
 # =========================
 # Static files
 # =========================