diff --git a/src/main/environment/ecd_ci.properties b/src/main/environment/ecd_ci.properties index 95d8bcb..97cb177 100644 --- a/src/main/environment/ecd_ci.properties +++ b/src/main/environment/ecd_ci.properties @@ -29,4 +29,7 @@ logging.file.name=@env.ECD_API_LOGGING_FILE_NAME@ springdoc.api-docs.enabled=@env.SWAGGER_DOC_ENABLED@ springdoc.swagger-ui.enabled=@env.SWAGGER_DOC_ENABLED@ -spring.redis.host=@env.REDIS_HOST@ \ No newline at end of file +spring.redis.host=@env.REDIS_HOST@ + +cors.allowed-origins=@env.CORS_ALLOWED_ORIGINS@ + diff --git a/src/main/environment/ecd_example.properties b/src/main/environment/ecd_example.properties index a09c459..db832a4 100644 --- a/src/main/environment/ecd_example.properties +++ b/src/main/environment/ecd_example.properties @@ -23,4 +23,6 @@ springdoc.swagger-ui.enabled=true jwt.secret=my-32-character-ultra-secure-and-ultra-long-secret #If both properties are set, only logging.file.name takes effect. logging.path=logs/ -logging.file.name=logs/ecd-api.log \ No newline at end of file +logging.file.name=logs/ecd-api.log + +cors.allowed-origins=http://localhost:* \ No newline at end of file diff --git a/src/main/java/com/iemr/ecd/config/WebConfiguration.java b/src/main/java/com/iemr/ecd/config/WebConfiguration.java index cc9e54b..30343bc 100644 --- a/src/main/java/com/iemr/ecd/config/WebConfiguration.java +++ b/src/main/java/com/iemr/ecd/config/WebConfiguration.java 
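Review bot: The new `cors.allowed-origins` key in ecd_example.properties is added without any comment on its format or on which values are safe, and the example value `http://localhost:*` is itself a wildcard pattern. WebConfiguration in this same commit passes the value to `allowedOriginPatterns` together with `allowCredentials(true)`, so a wildcard copied into a deployed environment would let every matching origin make credentialed requests. I would add a comment above the key, for example `# Comma-separated origin patterns. Wildcards are for local development only; deployed environments should list exact https origins and never a bare *.` The ecd_ci.properties hunk takes the same key from `@env.CORS_ALLOWED_ORIGINS@`, so the CI environment presumably needs that variable defined before this is merged.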
@@ -24,13 +24,33 @@ import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.CorsRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; +import java.util.Arrays; +import org.springframework.beans.factory.annotation.Value; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; @Configuration public class WebConfiguration implements WebMvcConfigurer { + private static final Logger logger = LoggerFactory.getLogger(WebConfiguration.class); + + @Value("${cors.allowed-origins}") + private String allowedOrigins; + @Override public void addCorsMappings(CorsRegistry registry) { - registry.addMapping("/**").allowedMethods("*"); - } + String[] originPatterns = Arrays.stream(allowedOrigins.split(",")) + .map(String::trim) + .toArray(String[]::new); + logger.info("Initializing CORS configuration with allowed origins: {}", Arrays.toString(originPatterns)); + + registry.addMapping("/**") + .allowedOriginPatterns(originPatterns) + .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS") + .allowedHeaders("*") + .exposedHeaders("Authorization", "Jwttoken") + .allowCredentials(true) + .maxAge(3600); + } } diff --git a/src/main/java/com/iemr/ecd/controller/associate/AutoPreviewDialingController.java b/src/main/java/com/iemr/ecd/controller/associate/AutoPreviewDialingController.java index dcf712a..3a5ee4d 100644 --- a/src/main/java/com/iemr/ecd/controller/associate/AutoPreviewDialingController.java +++ b/src/main/java/com/iemr/ecd/controller/associate/AutoPreviewDialingController.java @@ -27,7 +27,7 @@ import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; 
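Review bot: Nothing in `addCorsMappings` rejects a bare `*` or an empty entry in `cors.allowed-origins`, and because the list is passed to `allowedOriginPatterns` together with `allowCredentials(true)`, a `*` there would make Spring echo back any requesting Origin on credentialed responses. The per-controller `@CrossOrigin` annotations are removed in the later hunks, so this mapping appears to be the only CORS policy left; a startup check that drops blank entries and fails fast on an empty list or a bare `*` is worth adding. `@Value("${cors.allowed-origins}")` has no default, so as far as I can tell an environment file missing the key stops the context from starting; that fails closed, but a one-line comment on the field saying the property is mandatory would save the next deployer some time. The info log of the resolved patterns is a useful audit trail and can stay as it is.

```java
String[] originPatterns = Arrays.stream(allowedOrigins.split(","))
        .map(String::trim)
        .filter(pattern -> !pattern.isEmpty())
        .toArray(String[]::new);
if (originPatterns.length == 0 || Arrays.asList(originPatterns).contains("*")) {
    throw new IllegalStateException(
            "cors.allowed-origins must list explicit origins; a bare '*' is not allowed with credentials");
}
// … unchanged: logger.info call and registry.addMapping("/**") chain …
```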
@@ -47,7 +47,6 @@ @RestController @RequestMapping(value = "/autoPreviewDialing", headers = "Authorization") -@CrossOrigin() public class AutoPreviewDialingController { @Autowired diff --git a/src/main/java/com/iemr/ecd/controller/associate/BeneficiaryCallHistoryController.java b/src/main/java/com/iemr/ecd/controller/associate/BeneficiaryCallHistoryController.java index d95689f..1703fe7 100644 --- a/src/main/java/com/iemr/ecd/controller/associate/BeneficiaryCallHistoryController.java +++ b/src/main/java/com/iemr/ecd/controller/associate/BeneficiaryCallHistoryController.java @@ -25,7 +25,7 @@ import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; @@ -46,7 +46,6 @@ @RestController @RequestMapping(value = "/callHistory", headers = "Authorization") -@CrossOrigin() public class BeneficiaryCallHistoryController { @Autowired private BeneficiaryCallHistoryImpl beneficiaryCallHistoryImpl; diff --git a/src/main/java/com/iemr/ecd/controller/associate/BeneficiaryRegistrationController.java b/src/main/java/com/iemr/ecd/controller/associate/BeneficiaryRegistrationController.java index 4aa8c1d..2635cd2 100644 --- a/src/main/java/com/iemr/ecd/controller/associate/BeneficiaryRegistrationController.java +++ b/src/main/java/com/iemr/ecd/controller/associate/BeneficiaryRegistrationController.java 
@@ -25,7 +25,7 @@ import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestHeader; @@ -43,14 +43,12 @@ @RestController @RequestMapping(value = "/beneficary", headers = "Authorization") -@CrossOrigin() public class BeneficiaryRegistrationController { @Autowired private BeneficiaryRegistrationServiceImpl beneficiaryRegistrationServiceImpl; - @CrossOrigin() @PostMapping(value = "/registration", produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE) @Operation(summary = "Create beneficiary registration", description = "Desc - Create Beneficiary registration") @ApiResponses(value = { @@ -67,7 +65,6 @@ public ResponseEntity beneficiaryRegistration(@RequestBody RequestBenefi HttpStatus.OK); } - @CrossOrigin() @PostMapping(value = "/updateBeneficiaryDetails", produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE) @Operation(summary = "Update beneficiary details", description = "Desc - Update Beneficiary details") @ApiResponses(value = { diff --git a/src/main/java/com/iemr/ecd/controller/associate/CallClosureController.java b/src/main/java/com/iemr/ecd/controller/associate/CallClosureController.java index a22a5d7..1e9370a 100644 --- a/src/main/java/com/iemr/ecd/controller/associate/CallClosureController.java +++ b/src/main/java/com/iemr/ecd/controller/associate/CallClosureController.java 
@@ -25,7 +25,7 @@ import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -42,12 +42,10 @@ @RestController @RequestMapping(value = "/closure", headers = "Authorization") -@CrossOrigin() public class CallClosureController { @Autowired private CallClosureImpl callClosureImpl; - @CrossOrigin() @PostMapping(value = "/closeCall", produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE) @Operation(summary = "Call closure", description = "Desc - Call closure") @ApiResponses(value = { diff --git a/src/main/java/com/iemr/ecd/controller/callallocation/CallAllocationController.java b/src/main/java/com/iemr/ecd/controller/callallocation/CallAllocationController.java index 0ff7b98..fc93611 100644 --- a/src/main/java/com/iemr/ecd/controller/callallocation/CallAllocationController.java +++ b/src/main/java/com/iemr/ecd/controller/callallocation/CallAllocationController.java @@ -27,7 +27,7 @@ import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; @@ -50,7 +50,6 @@ @RestController @RequestMapping(value = "/callAllocation", headers = "Authorization") -@CrossOrigin() public class CallAllocationController { @Autowired 
@@ -127,7 +126,7 @@ public ResponseEntity reAllocateCalls(@RequestBody RequestCallAllocation public ResponseEntity updateAlerts(@RequestBody RequestCallAllocationDTO callAllocationDto) { return new ResponseEntity<>(callAllocationImpl.moveAllocatedCallsToBin(callAllocationDto), HttpStatus.OK); } - + @PostMapping(value = "/insertRecordsInOutboundCalls", produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE) @Operation(summary = "Insert Records In OutboundCalls", description = "Desc - Insert Records In OutboundCalls") @ApiResponses(value = { @@ -141,7 +140,7 @@ public ResponseEntity insertRecordsInOutboundCalls(@RequestBody Outbound return new ResponseEntity<>(callAllocationImpl.insertRecordsInOutboundCalls(outboundCallsDTO), HttpStatus.OK); } - + @GetMapping(value = "/getEligibleRecordsLanguageInfo/{psmId}/{phoneNoType}/{recordType}/{fDate}/{tDate}/{preferredLanguage}/{role}", produces = MediaType.APPLICATION_JSON_VALUE) @Operation(summary = "Fetch eligible Language records for allocation", description = "Desc - Fetch eligible records for allocation") @ApiResponses(value = { 
@@ -153,9 +152,12 @@ public ResponseEntity insertRecordsInOutboundCalls(@RequestBody Outbound @ApiResponse(responseCode = CustomExceptionResponse.BAD_REQUEST_SC_V, description = CustomExceptionResponse.BAD_REQUEST_SC) }) public ResponseEntity getEligibleRecordsLanguageInfo(@PathVariable int psmId, @PathVariable String phoneNoType, @PathVariable String recordType, @PathVariable String fDate, - @PathVariable String tDate, @PathVariable String preferredLanguage,@PathVariable String role) throws ECDException { + @PathVariable String tDate, @PathVariable String preferredLanguage, @PathVariable String role) + throws ECDException { return new ResponseEntity<>( - callAllocationImpl.getEligibleRecordsLanguageInfo(psmId, phoneNoType, recordType, fDate, tDate, preferredLanguage,role), HttpStatus.OK); + callAllocationImpl.getEligibleRecordsLanguageInfo(psmId, phoneNoType, recordType, fDate, tDate, + preferredLanguage, role), + HttpStatus.OK); } diff --git a/src/main/java/com/iemr/ecd/controller/callallocation/CallConfigurationController.java b/src/main/java/com/iemr/ecd/controller/callallocation/CallConfigurationController.java index 5307e0b..72991b8 100644 --- a/src/main/java/com/iemr/ecd/controller/callallocation/CallConfigurationController.java +++ b/src/main/java/com/iemr/ecd/controller/callallocation/CallConfigurationController.java @@ -27,7 +27,7 @@ import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; @@ -48,7 +48,6 @@ @RestController @RequestMapping(value = "/callConfiguration", headers = "Authorization") -@CrossOrigin() public class CallConfigurationController { @Autowired 
diff --git a/src/main/java/com/iemr/ecd/controller/dataupload/DataTemplateController.java b/src/main/java/com/iemr/ecd/controller/dataupload/DataTemplateController.java index b7718b0..3503d77 100644 --- a/src/main/java/com/iemr/ecd/controller/dataupload/DataTemplateController.java +++ b/src/main/java/com/iemr/ecd/controller/dataupload/DataTemplateController.java @@ -29,7 +29,7 @@ import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; @@ -48,7 +48,6 @@ @RestController @RequestMapping(value = "/dataTemplate", headers = "Authorization") -@CrossOrigin() public class DataTemplateController { @Autowired diff --git a/src/main/java/com/iemr/ecd/controller/dataupload/DataUploadController.java b/src/main/java/com/iemr/ecd/controller/dataupload/DataUploadController.java index e65d229..c345cfd 100644 --- a/src/main/java/com/iemr/ecd/controller/dataupload/DataUploadController.java +++ b/src/main/java/com/iemr/ecd/controller/dataupload/DataUploadController.java @@ -25,7 +25,7 @@ import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestHeader; @@ -41,7 +41,6 @@ import io.swagger.v3.oas.annotations.responses.ApiResponses; @RestController -@CrossOrigin() public class DataUploadController { @Autowired 
diff --git a/src/main/java/com/iemr/ecd/controller/masters/MastersController.java b/src/main/java/com/iemr/ecd/controller/masters/MastersController.java index eced35c..6711330 100644 --- a/src/main/java/com/iemr/ecd/controller/masters/MastersController.java +++ b/src/main/java/com/iemr/ecd/controller/masters/MastersController.java @@ -26,7 +26,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestHeader; @@ -60,7 +60,6 @@ @RestController @RequestMapping(value = "/master", headers = "Authorization") -@CrossOrigin() public class MastersController { @Autowired private MasterServiceImpl masterServiceImpl; @@ -234,11 +233,14 @@ public ResponseEntity> getGender() { return new ResponseEntity<>(masterServiceImpl.getGenders(), HttpStatus.OK); } + @Operation(summary = "Get agents by role id and preferred language", description = "Fetches agents filtered by both role ID and their preferred language setting") @GetMapping("/getAgentsByRoleIdAndPreferredLanguage/{roleId}/{preferredLanguage}") public ResponseEntity> getAgentsByRoleIdAndLanguage( - @RequestHeader(value = "Authorization") String authorization, @PathVariable Integer roleId, @PathVariable String preferredLanguage) { - return new ResponseEntity<>(masterServiceImpl.getAgentByRoleIdAndLanguage(roleId, preferredLanguage), HttpStatus.OK); + @RequestHeader(value = "Authorization") String authorization, @PathVariable Integer roleId, + @PathVariable String preferredLanguage) { + return new ResponseEntity<>(masterServiceImpl.getAgentByRoleIdAndLanguage(roleId, preferredLanguage), + HttpStatus.OK); } } 
diff --git a/src/main/java/com/iemr/ecd/controller/outboundworklist/CallStatisticsController.java b/src/main/java/com/iemr/ecd/controller/outboundworklist/CallStatisticsController.java index 892cf53..05c71eb 100644 --- a/src/main/java/com/iemr/ecd/controller/outboundworklist/CallStatisticsController.java +++ b/src/main/java/com/iemr/ecd/controller/outboundworklist/CallStatisticsController.java @@ -25,7 +25,7 @@ import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; @@ -42,7 +42,6 @@ @RestController @RequestMapping(value = "/agent", headers = "Authorization") -@CrossOrigin() public class CallStatisticsController { @Autowired diff --git a/src/main/java/com/iemr/ecd/controller/outboundworklist/OutBoundWorklistController.java b/src/main/java/com/iemr/ecd/controller/outboundworklist/OutBoundWorklistController.java index 0465259..dba679b 100644 --- a/src/main/java/com/iemr/ecd/controller/outboundworklist/OutBoundWorklistController.java +++ b/src/main/java/com/iemr/ecd/controller/outboundworklist/OutBoundWorklistController.java @@ -28,7 +28,7 @@ import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; @@ -48,7 +48,6 @@ @RestController @RequestMapping(value = "/outbound-worklist", headers = "Authorization") -@CrossOrigin() public class OutBoundWorklistController { @Autowired 
@@ -68,7 +67,7 @@ public ResponseEntity getMotherWorklist(@PathVariable int userId) throws ObjectMapper objectMapper = new ObjectMapper(); objectMapper.setDateFormat(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss")); String resp = objectMapper.writeValueAsString(motherWorkList); - return new ResponseEntity<>(resp,HttpStatus.OK); + return new ResponseEntity<>(resp, HttpStatus.OK); } @GetMapping(value = "/get-child-data/{userId}", produces = MediaType.APPLICATION_JSON_VALUE) diff --git a/src/main/java/com/iemr/ecd/controller/quality/AgentQualityAuditorMappingController.java b/src/main/java/com/iemr/ecd/controller/quality/AgentQualityAuditorMappingController.java index cf8dd50..fdc66a0 100644 --- a/src/main/java/com/iemr/ecd/controller/quality/AgentQualityAuditorMappingController.java +++ b/src/main/java/com/iemr/ecd/controller/quality/AgentQualityAuditorMappingController.java @@ -27,7 +27,7 @@ import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; @@ -47,7 +47,6 @@ @RestController @RequestMapping(value = "/agentQualityAuditorMap", headers = "Authorization") -@CrossOrigin() public class AgentQualityAuditorMappingController { @Autowired private AgentQualityAuditorMappingImpl agentQualityAuditorMappingImpl; diff --git a/src/main/java/com/iemr/ecd/controller/quality/ChartsController.java b/src/main/java/com/iemr/ecd/controller/quality/ChartsController.java index d11aa8f..169e5c5 100644 --- a/src/main/java/com/iemr/ecd/controller/quality/ChartsController.java +++ b/src/main/java/com/iemr/ecd/controller/quality/ChartsController.java 
@@ -27,7 +27,7 @@ import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; @@ -44,7 +44,6 @@ @RestController @RequestMapping(value = "/charts", headers = "Authorization") -@CrossOrigin() public class ChartsController { @Autowired diff --git a/src/main/java/com/iemr/ecd/controller/quality/GradeConfigurationController.java b/src/main/java/com/iemr/ecd/controller/quality/GradeConfigurationController.java index 158f60b..da8a3ec 100644 --- a/src/main/java/com/iemr/ecd/controller/quality/GradeConfigurationController.java +++ b/src/main/java/com/iemr/ecd/controller/quality/GradeConfigurationController.java @@ -27,7 +27,7 @@ import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; @@ -47,7 +47,6 @@ @RestController @RequestMapping(value = "/gradeConfiguration", headers = "Authorization") -@CrossOrigin() public class GradeConfigurationController { @Autowired diff --git a/src/main/java/com/iemr/ecd/controller/quality/QualityAuditController.java b/src/main/java/com/iemr/ecd/controller/quality/QualityAuditController.java index b0575b2..ff7178c 100644 --- a/src/main/java/com/iemr/ecd/controller/quality/QualityAuditController.java +++ b/src/main/java/com/iemr/ecd/controller/quality/QualityAuditController.java 
@@ -27,7 +27,7 @@ import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; @@ -55,7 +55,6 @@ @RestController @RequestMapping(value = "/qualityAudit", headers = "Authorization") -@CrossOrigin() public class QualityAuditController { @Autowired private QualityAuditImpl qualityAuditImpl; @@ -76,7 +75,7 @@ public ResponseEntity> getQualityAuditor HttpStatus.OK); } - + @PostMapping(value = "/getQualityAuditorWorklistDatewise", produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE) @Operation(summary = "Fetch quality auditor worklist according to date", description = "Desc - Fetch quality auditor worklist datewise") @ApiResponses(value = { @@ -89,7 +88,8 @@ public ResponseEntity> getQualityAuditor public ResponseEntity> getQualityAuditorWorklistDatewise( @RequestBody QualityAuditorWorklistDatewiseRequestDTO qualityAuditorWorklistDatewiseRequestDTO) { - return new ResponseEntity<>(qualityAuditImpl.getQualityAuditorWorklistDatewise(qualityAuditorWorklistDatewiseRequestDTO), + return new ResponseEntity<>( + qualityAuditImpl.getQualityAuditorWorklistDatewise(qualityAuditorWorklistDatewiseRequestDTO), HttpStatus.OK); } @@ -167,8 +167,7 @@ public ResponseEntity callReaudit(@RequestBody String requestOBJ) throws return new ResponseEntity<>(qualityAuditImpl.callReaudit(jsnOBJ), HttpStatus.OK); } - - + @PostMapping(value = "/getBeneficiaryCasesheet", produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE) @Operation(summary = "Fetch casesheet for beneficiary", description = "Desc - Fetch casesheet for beneficiary") @ApiResponses(value = { 
diff --git a/src/main/java/com/iemr/ecd/controller/quality/QualityAuditQuestionConfigurationController.java b/src/main/java/com/iemr/ecd/controller/quality/QualityAuditQuestionConfigurationController.java index 37afddb..a0bee1d 100644 --- a/src/main/java/com/iemr/ecd/controller/quality/QualityAuditQuestionConfigurationController.java +++ b/src/main/java/com/iemr/ecd/controller/quality/QualityAuditQuestionConfigurationController.java @@ -27,7 +27,7 @@ import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; @@ -48,7 +48,6 @@ @RestController @RequestMapping(value = "/questionnaireConfiguration", headers = "Authorization") -@CrossOrigin() public class QualityAuditQuestionConfigurationController { @Autowired private QualityAuditQuestionConfigurationImpl qualityAuditQuestionConfigurationImpl; diff --git a/src/main/java/com/iemr/ecd/controller/quality/QualityAuditSectionConfigurationController.java b/src/main/java/com/iemr/ecd/controller/quality/QualityAuditSectionConfigurationController.java index 249eb91..29e3060 100644 --- a/src/main/java/com/iemr/ecd/controller/quality/QualityAuditSectionConfigurationController.java +++ b/src/main/java/com/iemr/ecd/controller/quality/QualityAuditSectionConfigurationController.java @@ -27,7 +27,7 @@ import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; 
@@ -47,7 +47,6 @@ @RestController @RequestMapping(value = "/sectionConfiguration", headers = "Authorization") -@CrossOrigin() public class QualityAuditSectionConfigurationController { @Autowired private QualityAuditSectionConfigurationImpl qualityAuditSectionConfigurationImpl; diff --git a/src/main/java/com/iemr/ecd/controller/quality/SampleSelectionConfigurationController.java b/src/main/java/com/iemr/ecd/controller/quality/SampleSelectionConfigurationController.java index b117ee0..11734b1 100644 --- a/src/main/java/com/iemr/ecd/controller/quality/SampleSelectionConfigurationController.java +++ b/src/main/java/com/iemr/ecd/controller/quality/SampleSelectionConfigurationController.java @@ -27,7 +27,7 @@ import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; @@ -47,7 +47,6 @@ @RestController @RequestMapping(value = "/sampleSelectionConfiguration", headers = "Authorization") -@CrossOrigin() public class SampleSelectionConfigurationController { @Autowired private SampleSelectionConfigurationImpl sampleSelectionConfigurationImpl; diff --git a/src/main/java/com/iemr/ecd/controller/questionare/EcdQuestionareController.java b/src/main/java/com/iemr/ecd/controller/questionare/EcdQuestionareController.java index d359959..1a7d675 100644 --- a/src/main/java/com/iemr/ecd/controller/questionare/EcdQuestionareController.java +++ b/src/main/java/com/iemr/ecd/controller/questionare/EcdQuestionareController.java 
@@ -27,7 +27,7 @@ import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; @@ -56,7 +56,6 @@ @RestController @RequestMapping(value = "/Questionnaire", headers = "Authorization") -@CrossOrigin() public class EcdQuestionareController { @Autowired @@ -88,7 +87,7 @@ public ResponseEntity createQuestionnaires(@Valid @RequestBody List> getQuestionnairesByPSMId(@PathVariable int psmId) { return new ResponseEntity<>(questionareServiceImpl.getQuestionaresByProvider(psmId), HttpStatus.OK); } - + @GetMapping(value = "/getQuestionnaires/{psmId}", produces = MediaType.APPLICATION_JSON_VALUE) @Operation(summary = "Fetch questionnaire", description = "Desc - Fetch questionnaire") @ApiResponses(value = { @@ -226,7 +225,8 @@ public ResponseEntity> getQuestionnairesAndSec @ApiResponse(responseCode = CustomExceptionResponse.BAD_REQUEST_SC_V, description = CustomExceptionResponse.BAD_REQUEST_SC) }) public ResponseEntity> getQuesAndSecMapAssociateByProvider( @PathVariable int psmId, @PathVariable String ecdCallType, @PathVariable String role) { - return new ResponseEntity<>(questionareServiceImpl.getQuesAndSecMapAssociateByProvider(psmId, ecdCallType, role), + return new ResponseEntity<>( + questionareServiceImpl.getQuesAndSecMapAssociateByProvider(psmId, ecdCallType, role), HttpStatus.OK); } 
@@ -258,7 +258,7 @@ public ResponseEntity> getUnMappedQuestionnaires(@PathVariab @PathVariable int sectionId) { return new ResponseEntity<>(questionareServiceImpl.getUnMappedQuestionnaires(psmId, sectionId), HttpStatus.OK); } - + @PostMapping(value = "/createQuestionnairesMap", produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE) @Operation(summary = "Create questionnaire", description = "Desc - Create questionnaire") @ApiResponses(value = { @@ -272,7 +272,7 @@ public ResponseEntity createQuestionnairesMap(@Valid @RequestBody MapQue return new ResponseEntity<>(questionareServiceImpl.createQuestionnairesMap(questionnaireMap), HttpStatus.OK); } - + @PostMapping(value = "/editQuestionnairesMap", produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE) @Operation(summary = "Edit questionnnaire map", description = "Desc - Edit questionnnaire map") @ApiResponses(value = { @@ -285,7 +285,7 @@ public ResponseEntity createQuestionnairesMap(@Valid @RequestBody MapQue public ResponseEntity editQuestionnairesMap(@RequestBody MapQuestion editMapQuestion) { return new ResponseEntity<>(questionareServiceImpl.editQuestionnairesMap(editMapQuestion), HttpStatus.OK); } - + @GetMapping(value = "/getMappedParentChildQuestionnaire/{psmId}", produces = MediaType.APPLICATION_JSON_VALUE) @Operation(summary = "Fetch parent child mapped questionnaire", description = "Desc - Fetch parent child mapped questionnaire") @ApiResponses(value = { diff --git a/src/main/java/com/iemr/ecd/controller/reports/ReportController.java b/src/main/java/com/iemr/ecd/controller/reports/ReportController.java index 88fd148..36be209 100644 --- a/src/main/java/com/iemr/ecd/controller/reports/ReportController.java +++ b/src/main/java/com/iemr/ecd/controller/reports/ReportController.java 
@@ -30,7 +30,7 @@ import org.springframework.http.HttpHeaders; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.CrossOrigin; + import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -48,7 +48,6 @@ import io.swagger.v3.oas.annotations.responses.ApiResponse; import io.swagger.v3.oas.annotations.responses.ApiResponses; -@CrossOrigin @RequestMapping({ "/ecdReportController" }) @RestController public class ReportController { @@ -87,7 +86,6 @@ public ResponseEntity getCallDetailsReport(@RequestBody String jsonReque } } - @CrossOrigin @Operation(summary = "Get ECD call summary report", description = "Desc - Get call details report") @RequestMapping(value = "/getECDCallSummaryReport", method = RequestMethod.POST, headers = "Authorization") public ResponseEntity getCallSummaryReport(@RequestBody String jsonRequest) { @@ -111,7 +109,6 @@ public ResponseEntity getCallSummaryReport(@RequestBody String jsonReque } } - @CrossOrigin @Operation(summary = "Get ECD cumulative district report", description = "Desc - Get call details report") @RequestMapping(value = "/getECDCumulativeDistrictReport", method = RequestMethod.POST) public ResponseEntity getCumulativeDistrictReport(@RequestBody String jsonRequest) { @@ -136,7 +133,6 @@ public ResponseEntity getCumulativeDistrictReport(@RequestBody String js } } - @CrossOrigin @Operation(summary = "Get ECD beneficiary wise follow up details report", description = "Desc - Get call details report") @RequestMapping(value = "/getECDBeneficiarywisefollowupdetailsReport", method = RequestMethod.POST, headers = "Authorization") public ResponseEntity getBeneficiarywisefollowupdetails(@RequestBody String jsonRequest) { 
@@ -160,7 +156,6 @@ public ResponseEntity getBeneficiarywisefollowupdetails(@RequestBody Str } } - @CrossOrigin @Operation(summary = "Get ECD call detail report unique", description = "Desc - Get call details report") @RequestMapping(value = "/getECDCallDetailReportUnique", method = RequestMethod.POST, headers = "Authorization") public ResponseEntity getCallDetailReportUnique(@RequestBody String requestObj) { @@ -185,7 +180,6 @@ public ResponseEntity getCallDetailReportUnique(@RequestBody String requ } } - @CrossOrigin @Operation(summary = "Get ECD birth defect report", description = "Desc - Get call details report") @RequestMapping(value = "/getECDBirthDefectReport", method = RequestMethod.POST, headers = "Authorization") public ResponseEntity getBirthDefectReport(@RequestBody String jsonRequest) { @@ -210,7 +204,6 @@ public ResponseEntity getBirthDefectReport(@RequestBody String jsonReque } } - @CrossOrigin @Operation(summary = "Get ECD aasha home visit gap report", description = "Desc - Get call details report") @RequestMapping(value = "/getECDAashaHomeVisitGapReport", method = RequestMethod.POST, headers = "Authorization") public ResponseEntity getAashaHomeVisitGapReport(@RequestBody String jsonRequest) { @@ -235,7 +228,6 @@ public ResponseEntity getAashaHomeVisitGapReport(@RequestBody String jso } } - @CrossOrigin @Operation(summary = "Get ECD calcium IFA tablet non adherence report", description = "Desc - Get call details report") @RequestMapping(value = "/getECDCalciumIFATabNonadherenceReport", method = RequestMethod.POST, headers = "Authorization") public ResponseEntity getCalciumIFATabNonadherenceReport(@RequestBody String jsonRequest) { 
@@ -260,7 +252,6 @@ public ResponseEntity getCalciumIFATabNonadherenceReport(@RequestBody St
 }
 }
- @CrossOrigin
 @Operation(summary = "Get ECD absence in VHSND report", description = "Desc - Get call details report")
 @RequestMapping(value = "/getECDAbsenceInVHSNDReport", method = RequestMethod.POST, headers = "Authorization")
 public ResponseEntity getAbsenceInVHSNDReport(@RequestBody String jsonRequest) {
@@ -285,7 +276,6 @@ public ResponseEntity getAbsenceInVHSNDReport(@RequestBody String jsonRe
 }
 }
- @CrossOrigin
 @Operation(summary = "Get ECD vaccine drop out identified report", description = "Desc - Get call details report")
 @RequestMapping(value = "/getECDVaccineDropOutIdentifiedReport", method = RequestMethod.POST, headers = "Authorization")
 public ResponseEntity getVaccineDropOutIdentifiedReport(@RequestBody String jsonRequest) {
@@ -310,7 +300,6 @@ public ResponseEntity getVaccineDropOutIdentifiedReport(@RequestBody Str
 }
 }
- @CrossOrigin
 @Operation(summary = "Get ECD vaccine left out identified report", description = "Desc - Get call details report")
 @RequestMapping(value = "/getECDVaccineLeftOutIdentifiedReport", method = RequestMethod.POST, headers = "Authorization")
 public ResponseEntity getVaccineLeftOutIdentifiedReport(@RequestBody String jsonRequest) {
@@ -336,7 +325,6 @@ public ResponseEntity getVaccineLeftOutIdentifiedReport(@RequestBody Str
 }
 }
- @CrossOrigin
 @Operation(summary = "Get ECD developmental delay report", description = "Desc - Get call details report")
 @RequestMapping(value = "/getECDDevelopmentalDelayReport", method = RequestMethod.POST, headers = "Authorization")
 public ResponseEntity getDevelopmentalDelayReport(@RequestBody String jsonRequest) {
@@ -361,7 +349,6 @@ public ResponseEntity getDevelopmentalDelayReport(@RequestBody String js
 }
 }
- @CrossOrigin
 @Operation(summary = "Get ECD abortion report", description = "Desc - Get call details report")
 @RequestMapping(value = "/getECDAbortionReport", method = RequestMethod.POST, headers = "Authorization")
 public ResponseEntity getAbortionReport(@RequestBody String jsonRequest) {
@@ -386,7 +373,6 @@ public ResponseEntity getAbortionReport(@RequestBody String jsonRequest)
 }
 }
- @CrossOrigin
 @Operation(summary = "Get ECD delivery status report", description = "Desc - Get call details report")
 @RequestMapping(value = "/getECDDeliveryStatusReport", method = RequestMethod.POST, headers = "Authorization")
 public ResponseEntity getDeliveryStatusReport(@RequestBody String jsonRequest) {
@@ -411,7 +397,6 @@ public ResponseEntity getDeliveryStatusReport(@RequestBody String jsonRe
 }
 }
- @CrossOrigin
 @Operation(summary = "Get ECD high risk pregnancy cases identified report", description = "Desc - Get call details report")
 @RequestMapping(value = "/getECDHRPCasesIdentifiedReport", method = RequestMethod.POST, headers = "Authorization")
 public ResponseEntity getHRPCasesIdentifiedReport(@RequestBody String jsonRequest) {
@@ -436,7 +421,6 @@ public ResponseEntity getHRPCasesIdentifiedReport(@RequestBody String js
 }
 }
- @CrossOrigin
 @Operation(summary = "Get ECD infants high risk report", description = "Desc - Get call details report")
 @RequestMapping(value = "/getECDInfantsHighRiskReport", method = RequestMethod.POST, headers = "Authorization")
 public ResponseEntity getInfantsHighRiskReport(@RequestBody String jsonRequest) {
@@ -461,7 +445,6 @@ public ResponseEntity getInfantsHighRiskReport(@RequestBody String jsonR
 }
 }
- @CrossOrigin
 @Operation(summary = "Get ECD maternal death report", description = "Desc - Get call details report")
 @RequestMapping(value = "/getECDMaternalDeathReport", method = RequestMethod.POST, headers = "Authorization")
 public ResponseEntity getMaternalDeathReport(@RequestBody String jsonRequest) {
@@ -486,7 +469,6 @@ public ResponseEntity getMaternalDeathReport(@RequestBody String jsonReq
 }
 }
- @CrossOrigin
 @Operation(summary = "Get ECD still birth report", description = "Desc - Get call details report")
 @RequestMapping(value = "/getECDStillBirthReport", method = RequestMethod.POST, headers = "Authorization")
 public ResponseEntity getStillBirthReport(@RequestBody String jsonRequest) {
@@ -511,7 +493,6 @@ public ResponseEntity getStillBirthReport(@RequestBody String jsonReques
 }
 }
- @CrossOrigin
 @Operation(summary = "Get ECD baby death report", description = "Desc - Get call details report")
 @RequestMapping(value = "/getECDBabyDeathReport", method = RequestMethod.POST, headers = "Authorization")
 public ResponseEntity getBabyDeathReport(@RequestBody String jsonRequest) {
@@ -536,7 +517,6 @@ public ResponseEntity getBabyDeathReport(@RequestBody String jsonRequest
 }
 }
- @CrossOrigin
 @Operation(summary = "Get ECD not connected phone list diffrent format report", description = "Desc - Get call details report")
 @RequestMapping(value = "/getECDNotConnectedPhonelistDiffformatReport", method = RequestMethod.POST, headers = "Authorization")
 public ResponseEntity getNotConnectedPhonelistDiffformatReport(@RequestBody String jsonRequest) {
@@ -561,7 +541,6 @@ public ResponseEntity getNotConnectedPhonelistDiffformatReport(@RequestB
 }
 }
- @CrossOrigin
 @Operation(summary = "Get ECDJSY related complaints report", description = "Desc - Get call details report")
 @RequestMapping(value = "/getECDJSYRelatedComplaintsReport", method = RequestMethod.POST, headers = "Authorization")
 public ResponseEntity getJSYRelatedComplaintsReport(@RequestBody String jsonRequest) {
@@ -586,7 +565,6 @@ public ResponseEntity getJSYRelatedComplaintsReport(@RequestBody String
 }
 }
- @CrossOrigin
 @Operation(summary = "Get ECD miscarriage report", description = "Desc - Get call details report")
 @RequestMapping(value = "/getECDMiscarriageReport", method = RequestMethod.POST, headers = "Authorization")
 public ResponseEntity getMiscarriageReport(@RequestBody String jsonRequest) {
diff --git a/src/main/java/com/iemr/ecd/utils/mapper/FilterConfig.java b/src/main/java/com/iemr/ecd/utils/mapper/FilterConfig.java
index 98867f8..ece23a9 100644
--- a/src/main/java/com/iemr/ecd/utils/mapper/FilterConfig.java
+++ b/src/main/java/com/iemr/ecd/utils/mapper/FilterConfig.java
@@ -3,17 +3,26 @@
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.Ordered;
+import org.springframework.beans.factory.annotation.Value;
 @Configuration
 public class FilterConfig {
+ @Value("${cors.allowed-origins}")
+ private String allowedOrigins;
+
 @Bean
 public FilterRegistrationBean jwtUserIdValidationFilter( JwtAuthenticationUtil jwtAuthenticationUtil) {
 FilterRegistrationBean registrationBean = new FilterRegistrationBean<>();
- registrationBean.setFilter(new JwtUserIdValidationFilter(jwtAuthenticationUtil));
+
+ // Pass allowedOrigins explicitly to the filter constructor
+ JwtUserIdValidationFilter filter = new JwtUserIdValidationFilter(jwtAuthenticationUtil, allowedOrigins);
+
+ registrationBean.setFilter(filter);
+ registrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
 registrationBean.addUrlPatterns("/*"); // Apply filter to all API endpoints
 return registrationBean;
 }
-
 }
diff --git a/src/main/java/com/iemr/ecd/utils/mapper/JwtUserIdValidationFilter.java b/src/main/java/com/iemr/ecd/utils/mapper/JwtUserIdValidationFilter.java
index 3bc18ee..8f1540a 100644
--- a/src/main/java/com/iemr/ecd/utils/mapper/JwtUserIdValidationFilter.java
+++ b/src/main/java/com/iemr/ecd/utils/mapper/JwtUserIdValidationFilter.java
@@ -4,7 +4,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Component;
 import com.iemr.ecd.utils.constants.Constants;
 import com.iemr.ecd.utils.http_request_interceptor.AuthorizationHeaderRequestWrapper;
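Review bot: In `FilterConfig.jwtUserIdValidationFilter`, the raw `cors.allowed-origins` string is handed to `JwtUserIdValidationFilter`, which applies its own regex conversion, while the same commit also gives that property to Spring's `allowedOriginPatterns` in `WebConfiguration`. One access-control setting is therefore interpreted by two different matchers, and nothing here says which one is meant to decide. `setOrder(Ordered.HIGHEST_PRECEDENCE)` also has no explanation, although it appears to be what lets this filter answer preflight requests before anything else runs. I would document both above the `setOrder` call, for example `// Runs first so CORS preflights are answered before JWT validation; origin matching must stay in sync with WebConfiguration`.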
@@ -17,15 +16,18 @@
 import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import java.util.Arrays;
-@Component
 public class JwtUserIdValidationFilter implements Filter {
 private final JwtAuthenticationUtil jwtAuthenticationUtil;
 private final Logger logger = LoggerFactory.getLogger(this.getClass().getName());
+ private final String allowedOrigins;
- public JwtUserIdValidationFilter(JwtAuthenticationUtil jwtAuthenticationUtil) {
+ public JwtUserIdValidationFilter(JwtAuthenticationUtil jwtAuthenticationUtil,
+ String allowedOrigins) {
 this.jwtAuthenticationUtil = jwtAuthenticationUtil;
+ this.allowedOrigins = allowedOrigins;
 }
 @Override
@@ -34,6 +36,23 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
 HttpServletRequest request = (HttpServletRequest) servletRequest;
 HttpServletResponse response = (HttpServletResponse) servletResponse;
+ String origin = request.getHeader("Origin");
+ if (origin != null && isOriginAllowed(origin)) {
+ response.setHeader("Access-Control-Allow-Origin", origin);
+ response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
+ response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type, Accept, Jwttoken");
+ response.setHeader("Vary", "Origin");
+ response.setHeader("Access-Control-Allow-Credentials", "true");
+ } else {
+ logger.warn("Origin [{}] is NOT allowed. CORS headers NOT added.", origin);
+ }
+
+ if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
+ logger.info("OPTIONS request - skipping JWT validation");
+ response.setStatus(HttpServletResponse.SC_OK);
+ return;
+ }
+
 String path = request.getRequestURI();
 String contextPath = request.getContextPath();
 logger.info("JwtUserIdValidationFilter invoked for path: " + path);
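Review bot: In the `doFilter` hunk, `Vary: Origin` is written only inside the allowed-origin branch, so responses produced for any other origin, or for requests with no `Origin` header, carry no `Vary` even though the response now differs by origin. A shared cache may then serve a copy stored without CORS headers to an allowed origin; emitting it unconditionally before the `if`, as `response.addHeader("Vary", "Origin");`, avoids that and does not overwrite a `Vary` value set elsewhere. The `else` branch also logs at WARN for every request that has no `Origin` header at all (same-origin and non-browser callers), which buries genuine rejections; `} else if (origin != null) {` keeps the warning for real mismatches. The body of `doFilter` starts and continues outside this hunk.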
@@ -103,18 +122,39 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
 logger.warn("No valid authentication token found");
 response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized: Invalid or missing token");
-
+
 } catch (Exception e) {
 logger.error("Authorization error: ", e);
 response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authorization error: " + e.getMessage());
 }
 }
+
+ private boolean isOriginAllowed(String origin) {
+ if (origin == null || allowedOrigins == null || allowedOrigins.trim().isEmpty()) {
+ logger.warn("No allowed origins configured or origin is null");
+ return false;
+ }
+
+ return Arrays.stream(allowedOrigins.split(","))
+ .map(String::trim)
+ .anyMatch(pattern -> {
+ String regex = pattern
+ .replace(".", "\\.")
+ .replace("*", ".*")
+ .replace("http://localhost:.*", "http://localhost:\\d+"); // special case for wildcard port
+
+ boolean matched = origin.matches(regex);
+ return matched;
+ });
+ }
+
 private boolean isMobileClient(String userAgent) {
 if (userAgent == null) return false;
 userAgent = userAgent.toLowerCase();
 return userAgent.contains(Constants.OKHTTP);
 }
+
 private String getJwtTokenFromCookies(HttpServletRequest request) {
 Cookie[] cookies = request.getCookies();
 if (cookies != null) {
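Review bot: `isOriginAllowed` builds its regex by escaping only `.`, so any other regex metacharacter in `cors.allowed-origins` changes what is matched, and the port wildcard is narrowed to digits only for `http://localhost:*` while every other `host:*` entry becomes `.*`. A match makes `doFilter` echo the origin back together with `Access-Control-Allow-Credentials: true`, so the matcher should be as strict as the configuration intends. The list is also re-split and recompiled on every request through `String.matches`. I would compile the patterns once in the constructor, quoting the literal parts and treating a trailing `:*` as `:\d+` for any host, as sketched below. This needs an `originPatterns` field plus `java.util.List`, `java.util.regex.Pattern` and `java.util.stream.Collectors`, all of which sit outside this hunk.

```java
// Called once from the constructor: this.originPatterns = compileOriginPatterns(allowedOrigins);
private static List<Pattern> compileOriginPatterns(String allowedOrigins) {
    if (allowedOrigins == null || allowedOrigins.isBlank()) {
        return List.of();
    }
    return Arrays.stream(allowedOrigins.split(","))
            .map(String::trim)
            .filter(p -> !p.isEmpty())
            .map(JwtUserIdValidationFilter::toOriginPattern)
            .toList();
}

private static Pattern toOriginPattern(String pattern) {
    boolean anyPort = pattern.endsWith(":*");
    String body = anyPort ? pattern.substring(0, pattern.length() - 2) : pattern;
    // Literal segments are quoted so that only '*' acts as a wildcard.
    String regex = Arrays.stream(body.split("\\*", -1))
            .map(Pattern::quote)
            .collect(Collectors.joining(".*"));
    return Pattern.compile(anyPort ? regex + ":\\d+" : regex);
}

private boolean isOriginAllowed(String origin) {
    return origin != null && originPatterns.stream().anyMatch(p -> p.matcher(origin).matches());
}

// … unchanged: isMobileClient, getJwtTokenFromCookies …
```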