diff --git a/src/main/java/com/helpmeCookies/global/config/WebConfig.java b/src/main/java/com/helpmeCookies/global/config/WebConfig.java
deleted file mode 100644
index f7f629d..0000000
--- a/src/main/java/com/helpmeCookies/global/config/WebConfig.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package com.helpmeCookies.global.config;
-import java.util.List;
-import lombok.RequiredArgsConstructor;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.web.method.support.HandlerMethodArgumentResolver;
-import org.springframework.web.servlet.config.annotation.CorsRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
-@Configuration
-@RequiredArgsConstructor
-public class WebConfig implements WebMvcConfigurer {
-    @Override
-    public void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/**")
-            .allowedOriginPatterns("*") // 허용할 도메인 (모든 도메인 허용: "*")
-            .allowedMethods("*") // 허용할 HTTP 메서드
-            .allowedHeaders("*") // 허용할 헤더
-            .allowCredentials(true); // 인증 정보 허용 여부
-    }
-}
\ No newline at end of file
diff --git a/src/main/java/com/helpmeCookies/global/security/WebSecurityConfig.java b/src/main/java/com/helpmeCookies/global/security/WebSecurityConfig.java
index 45759fb..41d97d2 100644
--- a/src/main/java/com/helpmeCookies/global/security/WebSecurityConfig.java
+++ b/src/main/java/com/helpmeCookies/global/security/WebSecurityConfig.java
@@ -98,9 +98,9 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 	@Bean
 	public CorsConfigurationSource corsConfigurationSource() {
 		CorsConfiguration configuration = new CorsConfiguration();
-		configuration.setAllowedOrigins(Arrays.asList("http://1.618.s3-website.ap-northeast-2.amazonaws.com","localhost:3000"));
+		configuration.setAllowedOrigins(Arrays.asList("http://1.618.s3-website.ap-northeast-2.amazonaws.com","http//localhost:3000"));
 		configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
-		configuration.setAllowedHeaders(Arrays.asList("*"));
+		configuration.setAllowedHeaders(Arrays.asList("Authorization", "Content-Type", "X-Requested-With", "accept", "Origin", "Access-Control-Request-Method", "Access-Control-Request-Headers"));
 		configuration.setAllowCredentials(true);
 
 		UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();