diff --git a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/CorsConfig.java b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/CorsConfig.java
index 2291af2..deee65a 100644
--- a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/CorsConfig.java
+++ b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/CorsConfig.java
@@ -20,6 +20,7 @@ public class CorsConfig extends WebMvcConfigurerAdapter {
     public void addCorsMappings(CorsRegistry registry) {
         registry.addMapping("/**")
                 .allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS")
+                .allowedOrigins(securityConfig.getOriginServer())
                 .allowCredentials(true);
     }
 }
diff --git a/src/main/resources/authorization.properties b/src/main/resources/authorization.properties
index 45a28ec..015aeb3 100644
--- a/src/main/resources/authorization.properties
+++ b/src/main/resources/authorization.properties
@@ -1,6 +1,6 @@
 #dev
 authorization.security.userInfoUrl = http://mpagasas.di.uoa.gr:8080/dnet-openaire-users-1.0.0-SNAPSHOT/api/users/getUserInfo?accessToken=
-authorization.security.originServer = *
+authorization.security.originServer = di.uoa.gr
 
 #beta
 #authorization.security.userInfoUrl =  https://beta.services.openaire.eu/uoa-user-management/api/users/getUserInfo?accessToken=