diff --git a/packages/backend/src/main.ts b/packages/backend/src/main.ts
index c1898014..46719d84 100644
--- a/packages/backend/src/main.ts
+++ b/packages/backend/src/main.ts
@@ -1,10 +1,11 @@
 import { NestFactory } from '@nestjs/core';
-import { AppModule } from './app.module';
 import { Logger, VersioningType } from '@nestjs/common';
-import { AllExceptionsFilter } from './common/filters/all-exceptions.filter';
 import { DocumentBuilder, SwaggerModule } from '@nestjs/swagger';
 import { IoAdapter } from '@nestjs/platform-socket.io';
 import { WsAdapter } from '@nestjs/platform-ws';
+import { AllExceptionsFilter } from './common/filters/all-exceptions.filter';
+import { AppModule } from './app.module';
+
 async function bootstrap() {
 const app = await NestFactory.create(AppModule);
@@ -23,14 +24,22 @@ function configureGlobalSettings(app: any) {
 app.useGlobalFilters(new AllExceptionsFilter());
 app.useWebSocketAdapter(new WsAdapter(app));
 app.enableCors({
- origin: [
- 'http://www.honeyflow.life',
- 'https://www.honeyflow.life',
- 'http://localhost',
- 'http://localhost:5173',
- ],
+ origin: (origin, callback) => {
+ const allowedOrigins = [
+ 'http://www.honeyflow.life',
+ 'https://www.honeyflow.life',
+ 'http://localhost',
+ 'http://localhost:5173',
+ ];
+ if (!origin || allowedOrigins.includes(origin)) {
+ callback(null, origin);
+ } else {
+ callback(new Error('Not allowed by CORS'));
+ }
+ },
 methods: 'GET, POST, PUT, DELETE',
 allowedHeaders: 'Content-Type, Authorization',
+ credentials: true,
 });
 app.enableVersioning({
 type: VersioningType.URI,
diff --git a/packages/frontend/nginx.conf b/packages/frontend/nginx.conf
index 2a141dbc..6a4016e5 100644
--- a/packages/frontend/nginx.conf
+++ b/packages/frontend/nginx.conf
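Review bot: `credentials: true` is added while the allowlist inside the new `origin` callback still trusts `http://www.honeyflow.life`, `http://localhost` and `http://localhost:5173`, so pages served over plaintext HTTP or from a local dev server can make credentialed cross-origin calls to this API in every environment. Limiting production to the HTTPS origin and keeping the localhost entries for non-production runs would narrow that; this assumes the site is reachable over HTTPS and that NODE_ENV is set on deployment, neither of which is visible here. Rejecting with `callback(new Error('Not allowed by CORS'))` also sends ordinary cross-origin requests down the exception path, probably surfacing as 5xx responses through AllExceptionsFilter, whereas passing `false` just omits the CORS headers. configureGlobalSettings begins and ends outside this hunk.

```typescript
// … unchanged: global filters, WebSocket adapter …
app.enableCors({
  origin: (origin, callback) => {
    // Credentialed requests are only as trustworthy as the origin's transport,
    // so plain-http and localhost origins are accepted outside production only.
    const allowedOrigins =
      process.env.NODE_ENV === 'production'
        ? ['https://www.honeyflow.life']
        : ['https://www.honeyflow.life', 'http://localhost', 'http://localhost:5173'];
    // Requests without an Origin header (same-origin, server-to-server) pass through;
    // `false` leaves the CORS headers off instead of raising an error.
    callback(null, !origin || allowedOrigins.includes(origin));
  },
  // … unchanged: methods, allowedHeaders, credentials …
```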
@@ -32,9 +32,8 @@ server {
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
- add_header Access-Control-Allow-Origin *;
- add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS';
- add_header Access-Control-Allow-Headers 'Origin, Content-Type, Accept, Authorization';
+ add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS';
+ add_header Access-Control-Allow-Headers 'Origin, Content-Type, Accept, Authorization';
 }
 # Backend Socket 설정
 location /ws/ {
@@ -45,9 +44,9 @@ server {
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
- add_header Access-Control-Allow-Origin *;
- add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS';
- add_header Access-Control-Allow-Headers 'Origin, Content-Type, Accept, Authorization';
+ add_header Access-Control-Allow-Origin *;
+ add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS';
+ add_header Access-Control-Allow-Headers 'Origin, Content-Type, Accept, Authorization';
 }
 location /kibana/ {
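Review bot: The two `add_header` lines kept in the location block closed by the first hunk duplicate the Access-Control-Allow-Methods and Access-Control-Allow-Headers values that the backend's `enableCors` already sets, and with different lists (OPTIONS, Origin and Accept appear only here). If this block proxies to the Nest backend, responses may carry two divergent copies of each header. Since the allowed origin is now decided in the backend, deleting both lines would leave the CORS policy with a single source. The `/ws/` block in the following hunk still sends `Access-Control-Allow-Origin *` (re-indented only), and CORS headers do not gate WebSocket handshakes. With `credentials: true` now set in the backend, the Origin check for that endpoint presumably has to live in the WebSocket server, which is worth confirming; both location blocks start outside their hunks.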