diff --git a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/configuration/AuthorizationConfiguration.java b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/configuration/AuthorizationConfiguration.java
index 87175f4..a159ea4 100644
--- a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/configuration/AuthorizationConfiguration.java
+++ b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/configuration/AuthorizationConfiguration.java
@@ -1,10 +1,36 @@
 package eu.dnetlib.uoaauthorizationlibrary.configuration;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 @Configuration
 @EnableConfigurationProperties({SecurityConfig.class, GlobalVars.class})
 @ComponentScan(basePackages = { "eu.dnetlib.uoaauthorizationlibrary" })
-public class AuthorizationConfiguration { }
+public class AuthorizationConfiguration {
+
+ private final SecurityConfig securityConfig;
+
+
+ @Autowired
+ public AuthorizationConfiguration(SecurityConfig securityConfig) {
+ this.securityConfig = securityConfig;
+ }
+
+ @Bean
+ public WebMvcConfigurer corsConfigurer() {
+ return new WebMvcConfigurer() {
+ @Override
+ public void addCorsMappings(CorsRegistry registry) {
+ registry.addMapping("/**")
+ .allowedOriginPatterns("*" + securityConfig.getDomain(), "*" + securityConfig.getDomain() + ":*")
+ .allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS")
+ .allowCredentials(true);
+ }
+ };
+ }
+}
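Review bot: The origin patterns in `addCorsMappings` are built as `"*" + securityConfig.getDomain()`, and nothing in this hunk checks that value before it is combined with `allowCredentials(true)`. If the property is empty the first pattern collapses to `*`, and if it lacks a leading dot the pattern also matches unrelated hosts whose name merely ends in that string; either way a foreign origin could read credentialed responses, and the leading `*` accepts plain `http` origins as well. The format of `getDomain()` is not visible here, so this may already be guaranteed elsewhere, but I would enforce it at this point: `if (domain == null || domain.isBlank()) throw new IllegalStateException("security domain is not configured");` followed by `String suffix = domain.startsWith(".") ? domain : "." + domain;`. Separately, `filterChain` in WebSecurityConfig (last hunk of this diff) does not call `http.cors(...)`, so it is worth confirming that preflight requests and responses written by `AuthorizationFilter` or the entry point still receive the CORS headers now that the servlet filter is gone.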
diff --git a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/configuration/CorsAllowFilter.java b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/configuration/CorsAllowFilter.java
deleted file mode 100644
index b491b23..0000000
--- a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/configuration/CorsAllowFilter.java
+++ /dev/null
@@ -1,26 +0,0 @@
-package eu.dnetlib.uoaauthorizationlibrary.configuration;
-
-import jakarta.servlet.FilterChain;
-import jakarta.servlet.ServletException;
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
-import org.springframework.stereotype.Component;
-import org.springframework.web.filter.OncePerRequestFilter;
-
-import java.io.IOException;
-
-@Component
-public class CorsAllowFilter extends OncePerRequestFilter {
-
- @Override
- protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
- FilterChain filterChain) throws ServletException, IOException {
- response.addHeader("Access-Control-Allow-Origin", "*");
- response.addHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS, HEAD");
- response.addHeader("Access-Control-Allow-Headers", "Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");
- response.addHeader("Access-Control-Expose-Headers", "Access-Control-Allow-Origin, Access-Control-Allow-Credentials");
- response.addHeader("Access-Control-Allow-Credentials", "true");
- response.addIntHeader("Access-Control-Max-Age", 10);
- filterChain.doFilter(request, response);
- }
-}
diff --git a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/stateless/security/WebSecurityConfig.java b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/stateless/security/WebSecurityConfig.java
index 0d297bd..039e192 100644
--- a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/stateless/security/WebSecurityConfig.java
+++ b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/stateless/security/WebSecurityConfig.java
@@ -1,6 +1,5 @@
 package eu.dnetlib.uoaauthorizationlibrary.stateless.security;
-import eu.dnetlib.uoaauthorizationlibrary.configuration.CorsAllowFilter;
 import eu.dnetlib.uoaauthorizationlibrary.security.EntryPoint;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
@@ -19,12 +18,10 @@ import org.springframework.security.web.authentication.www.BasicAuthenticationFi
 public class WebSecurityConfig {
 private final AuthorizationFilter filter;
- private final CorsAllowFilter corsFilter;
 @Autowired
- public WebSecurityConfig(AuthorizationFilter filter, CorsAllowFilter corsFilter) {
+ public WebSecurityConfig(AuthorizationFilter filter) {
 this.filter = filter;
- this.corsFilter = corsFilter;
 }
 @Bean
@@ -35,7 +32,6 @@ public class WebSecurityConfig {
 @Bean
 public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 http.csrf(AbstractHttpConfigurer::disable);
- http.addFilter(corsFilter);
 http.addFilterBefore(filter, BasicAuthenticationFilter.class);
 http.exceptionHandling(handler -> handler.authenticationEntryPoint(this.entryPoint()));
 http.authorizeHttpRequests(auth -> auth.anyRequest().permitAll());