diff --git a/src/main/java/com/finfellows/global/config/security/WebMvcConfig.java b/src/main/java/com/finfellows/global/config/security/WebMvcConfig.java
new file mode 100644
index 0000000..29940fb
--- /dev/null
+++ b/src/main/java/com/finfellows/global/config/security/WebMvcConfig.java
@@ -0,0 +1,26 @@
+package com.finfellows.global.config.security;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class WebMvcConfig implements WebMvcConfigurer{
+    
+    private final long MAX_AGE_SECS = 3600;
+
+    @Value("${app.cors.allowed-origins}")
+    private String[] allowedOrigins;
+
+    @Override
+    public void addCorsMappings(CorsRegistry registry) {
+        registry.addMapping("/**")
+                .allowedOrigins(allowedOrigins)
+                .allowedMethods("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS")
+                .allowedHeaders("*")
+                .allowCredentials(true)
+                .maxAge(MAX_AGE_SECS);
+    }
+
+}