diff --git a/src/main/java/com/danpoong/onchung/global/config/SecurityConfig.java b/src/main/java/com/danpoong/onchung/global/config/SecurityConfig.java
index ba49af8..c08a833 100644
--- a/src/main/java/com/danpoong/onchung/global/config/SecurityConfig.java
+++ b/src/main/java/com/danpoong/onchung/global/config/SecurityConfig.java
@@ -15,6 +15,11 @@
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.List;
 
 @Configuration
 @EnableWebSecurity
@@ -31,6 +36,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .httpBasic(AbstractHttpConfigurer::disable)
                 .formLogin(AbstractHttpConfigurer::disable)
                 .sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) //세션 사용 안 함
+                .cors(cors -> cors.configurationSource(corsConfigurationSource()))
                 .exceptionHandling(exceptionHandling -> {
                     exceptionHandling
                             .authenticationEntryPoint(jwtAuthenticationEntryPoint)
@@ -51,4 +57,23 @@ public WebSecurityCustomizer webSecurityCustomizer() {
         return webSecurity -> webSecurity.ignoring()
                 .requestMatchers("/swagger-ui/**", "/v3/api-docs/**", "/api/auth/**");
     }
+
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+        configuration.setAllowedOrigins(List.of(
+                "http://localhost:5173",
+                "http://localhost:8080",
+                "http://localhost:3000",
+                "https://youthmap.site",
+                "https://api.youthmap.site"
+        ));
+        configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
+        configuration.setAllowedHeaders(List.of("*"));
+        configuration.setAllowCredentials(true);
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+        return source;
+    }
 }
\ No newline at end of file
diff --git a/src/main/java/com/danpoong/onchung/global/config/WebConfig.java b/src/main/java/com/danpoong/onchung/global/config/WebConfig.java
deleted file mode 100644
index ac88a3e..0000000
--- a/src/main/java/com/danpoong/onchung/global/config/WebConfig.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package com.danpoong.onchung.global.config;
-
-import org.springframework.context.annotation.Configuration;
-import org.springframework.http.HttpMethod;
-import org.springframework.web.servlet.config.annotation.CorsRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
-
-@Configuration
-public class WebConfig implements WebMvcConfigurer {
-    @Override
-    public void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/**")
-                .allowedOrigins("*")
-                .allowedMethods(
-                        HttpMethod.GET.name(),
-                        HttpMethod.HEAD.name(),
-                        HttpMethod.POST.name(),
-                        HttpMethod.PUT.name(),
-                        HttpMethod.DELETE.name()
-                )
-                .allowedHeaders("Content-Type", "Authorization")
-                .allowCredentials(true);
-    }
-}
\ No newline at end of file