diff --git a/server.js b/server.js
index a588ad0..bd5400d 100644
--- a/server.js
+++ b/server.js
@@ -18,10 +18,28 @@ const app = express();
 const PORT = 5577;
 
 // 미들웨어 설정
-app.use(cors());
+app.use(cors({
+    origin: function (origin, callback) {
+        // 모든 origin 허용 (개발/운영 환경 모두)
+        callback(null, true);
+    },
+    credentials: true,
+    methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+    allowedHeaders: ['Content-Type', 'Authorization', 'X-API-Key', 'X-Requested-With'],
+    exposedHeaders: ['Content-Length', 'X-Foo', 'X-Bar']
+}));
 app.use(bodyParser.json({ limit: '50mb' }));
 app.use(bodyParser.urlencoded({ extended: true, limit: '50mb' }));
 
+// OPTIONS 요청 처리 (CORS preflight)
+app.options('*', (req, res) => {
+    res.header('Access-Control-Allow-Origin', '*');
+    res.header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+    res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-API-Key, X-Requested-With');
+    res.header('Access-Control-Allow-Credentials', 'true');
+    res.sendStatus(200);
+});
+
 // 정적 파일 서빙 (개발 환경에서 캐시 비활성화)
 app.use(express.static(path.join(__dirname, 'public'), {
     etag: false,