diff --git a/backend/src/main/java/com/vaessl/app/config/CorsConfig.java b/backend/src/main/java/com/vaessl/app/config/CorsConfig.java
index 945686a..baa8836 100644
--- a/backend/src/main/java/com/vaessl/app/config/CorsConfig.java
+++ b/backend/src/main/java/com/vaessl/app/config/CorsConfig.java
@@ -8,16 +8,13 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 @Configuration
 public class CorsConfig implements WebMvcConfigurer {
 
-    @Value("${vaessl.frontend-local-url}")
-    private String frontendLocalUrl;
-
-    @Value("${vaessl.frontend-public-url}")
-    private String frontendPublicUrl;
+    @Value("${vaessl.allowed-origins}")
+    private String[] allowedOrigins;
 
     @Override
     public void addCorsMappings(CorsRegistry registry) {
         registry.addMapping("/**")
-                .allowedOrigins(frontendLocalUrl, frontendPublicUrl)
+                .allowedOrigins(allowedOrigins)
                 .allowedMethods("GET", "POST", "DELETE", "OPTIONS")
                 .allowedHeaders("Content-Type", "Accept")
                 .allowCredentials(true);
diff --git a/backend/src/main/resources/META-INF/additional-spring-configuration-metadata.json b/backend/src/main/resources/META-INF/additional-spring-configuration-metadata.json
index 57fd745..67507e3 100644
--- a/backend/src/main/resources/META-INF/additional-spring-configuration-metadata.json
+++ b/backend/src/main/resources/META-INF/additional-spring-configuration-metadata.json
@@ -5,13 +5,8 @@
     "description": "A description for 'spring.session.store-type'"
   },
   {
-    "name": "vaessl.frontend-local-url",
+    "name": "vaessl.allowed-origins",
     "type": "java.lang.String",
-    "description": "A description for 'vaessl.frontend-local-url'"
-  },
-  {
-    "name": "vaessl.frontend-public-url",
-    "type": "java.lang.String",
-    "description": "A description for 'vaessl.frontend-public-url'"
+    "description": "Comma-separated list of allowed CORS origins"
   }
 ]}
\ No newline at end of file
diff --git a/backend/src/main/resources/application.yaml b/backend/src/main/resources/application.yaml
index f9c6a95..409f0ec 100644
--- a/backend/src/main/resources/application.yaml
+++ b/backend/src/main/resources/application.yaml
@@ -30,5 +30,4 @@ server:
   servlet:
     context-path: /api
 vaessl:
-  frontend-local-url: ${FRONTEND_LOCAL_URL}
-  frontend-public-url: ${FRONTEND_PUBLIC_URL}
+  allowed-origins: ${ALLOWED_ORIGINS}