diff --git a/src/main/java/com/atwoz/global/config/filter/CorsCustomFilter.java b/src/main/java/com/atwoz/global/config/filter/CorsCustomFilter.java
index ebeaaa23..196b003a 100644
--- a/src/main/java/com/atwoz/global/config/filter/CorsCustomFilter.java
+++ b/src/main/java/com/atwoz/global/config/filter/CorsCustomFilter.java
@@ -19,9 +19,10 @@ protected void doFilterInternal(final HttpServletRequest request,
                                     final FilterChain filterChain) throws ServletException, IOException {
         response.setHeader("Access-Control-Allow-Origin", ALLOWED_ORIGIN_ADDRESS);
         response.setHeader("Access-Control-Allow-Credentials", "true");
-        response.setHeader("Access-Control-Allow-Methods", "*");
+        response.setHeader("Access-Control-Allow-Methods", "GET, POST, PATCH, DELETE, OPTIONS");
         response.setHeader("Access-Control-Max-Age", "3600");
-        response.setHeader("Access-Control-Allow-Headers", "*");
+        response.setHeader("Access-Control-Allow-Headers",
+                "Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization");
         ContentCachingRequestWrapper contentCachingRequestWrapper = new ContentCachingRequestWrapper(request);
         ContentCachingResponseWrapper contentCachingResponseWrapper = new ContentCachingResponseWrapper(response);