diff --git a/backend/src/main/java/com/carffeine/carffeine/web/CorsFilter.java b/backend/src/main/java/com/carffeine/carffeine/web/CorsFilter.java
index 144b5f4fa..8a2b26836 100644
--- a/backend/src/main/java/com/carffeine/carffeine/web/CorsFilter.java
+++ b/backend/src/main/java/com/carffeine/carffeine/web/CorsFilter.java
@@ -13,7 +13,10 @@ public class CorsFilter extends OncePerRequestFilter {
 @Override
 protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
- response.setHeader("Access-Control-Allow-Origin", "*");
+ String origin = request.getHeader("origin");
+ if (origin.endsWith(".carffe.in")) {
+ response.setHeader("Access-Control-Allow-Origin", origin);
+ }
 response.setHeader("Access-Control-Allow-Credentials", "true");
 response.setHeader("Access-Control-Allow-Methods", "*");
 response.setHeader("Access-Control-Max-Age", "3600");
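Review bot: `request.getHeader("origin")` returns null for any request without an Origin header (same-origin navigation, health checks, non-browser clients), so `origin.endsWith(...)` throws a NullPointerException on those requests; guard it with `if (origin != null && origin.endsWith(".carffe.in")) {`. Because the allowed origin is now echoed per request, the branch should also call `response.addHeader("Vary", "Origin");` so a shared cache cannot hand one origin's response to another. `Access-Control-Allow-Credentials: true` is still set unconditionally on the context line after the new block; setting it only inside the branch keeps the credentialed grant tied to the origin check. The suffix match does not pin the scheme and does not match the apex `carffe.in`, so it is worth confirming whether plain-http origins are meant to be accepted for credentialed requests. The body of doFilterInternal continues past the end of the hunk.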