diff --git a/dmp-backend/web/pom.xml b/dmp-backend/web/pom.xml
index fd38b3afd..b46410b8c 100644
--- a/dmp-backend/web/pom.xml
+++ b/dmp-backend/web/pom.xml
@@ -191,6 +191,14 @@
             <artifactId>saaj-impl</artifactId>
             <version>3.0.0-M2</version>
         </dependency>
+
+
+        <!--CITE DEPENDENCIES-->
+        <dependency>
+            <groupId>gr.cite</groupId>
+            <artifactId>cors-web</artifactId>
+            <version>2.1.0</version>
+        </dependency>
     </dependencies>
 
     <build>
diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/DescriptionTemplateTypeController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/DescriptionTemplateTypeController.java
index 32909dd7c..a2e0ba4a1 100644
--- a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/DescriptionTemplateTypeController.java
+++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/DescriptionTemplateTypeController.java
@@ -32,7 +32,6 @@ import javax.management.InvalidApplicationException;
 import java.util.*;
 
 @RestController
-@CrossOrigin
 @RequestMapping(path = "api/description-template-type")
 public class DescriptionTemplateTypeController {
 
diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/DmpBlueprintController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/DmpBlueprintController.java
index db0d6a1c5..d89da4267 100644
--- a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/DmpBlueprintController.java
+++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/DmpBlueprintController.java
@@ -30,7 +30,6 @@ import javax.management.InvalidApplicationException;
 import java.util.*;
 
 @RestController
-@CrossOrigin
 @RequestMapping(path = "api/dmp-blueprint")
 public class DmpBlueprintController {
 
diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/EntityDoiController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/EntityDoiController.java
index 2a98d253b..7f9a4eba9 100644
--- a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/EntityDoiController.java
+++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/EntityDoiController.java
@@ -33,7 +33,6 @@ import javax.management.InvalidApplicationException;
 import java.util.*;
 
 @RestController
-@CrossOrigin
 @RequestMapping(path = "api/entity-doi")
 public class EntityDoiController {
 
diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/ExternalReferencesController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/ExternalReferencesController.java
index 172dace66..1cd510016 100644
--- a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/ExternalReferencesController.java
+++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/ExternalReferencesController.java
@@ -28,7 +28,6 @@ import javax.management.InvalidApplicationException;
 import java.util.List;
 
 @RestController
-@CrossOrigin
 @RequestMapping(path = {"api/external-references"})
 public class ExternalReferencesController extends BaseController {
 
diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/ExternalValidationController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/ExternalValidationController.java
index 018e7753f..739328085 100644
--- a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/ExternalValidationController.java
+++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/ExternalValidationController.java
@@ -15,7 +15,6 @@ import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 
 @RestController
-@CrossOrigin
 @RequestMapping(path = {"api/validation"})
 public class ExternalValidationController extends BaseController {
 
diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/PrincipalController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/PrincipalController.java
index eecece201..653f6ef0c 100644
--- a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/PrincipalController.java
+++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/PrincipalController.java
@@ -21,7 +21,6 @@ import eu.eudat.models.v2.Account;
 import javax.management.InvalidApplicationException;
 
 @RestController
-@CrossOrigin
 @RequestMapping(value = { "/api/principal/" })
 public class PrincipalController {
 	private static final LoggerService logger = new LoggerService(LoggerFactory.getLogger(PrincipalController.class));
diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/SupportiveMaterialController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/SupportiveMaterialController.java
index 48285bf4e..f032c779d 100644
--- a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/SupportiveMaterialController.java
+++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/SupportiveMaterialController.java
@@ -25,7 +25,6 @@ import java.util.stream.Stream;
 import static eu.eudat.types.Authorities.ADMIN;
 
 @RestController
-@CrossOrigin
 @RequestMapping(path = {"/api/material"})
 public class SupportiveMaterialController {
 
diff --git a/dmp-backend/web/src/main/resources/config/application.yml b/dmp-backend/web/src/main/resources/config/application.yml
index e795cc7d6..b621c8114 100644
--- a/dmp-backend/web/src/main/resources/config/application.yml
+++ b/dmp-backend/web/src/main/resources/config/application.yml
@@ -15,5 +15,6 @@ spring:
       optional:classpath:config/file-path.yml[.yml], optional:classpath:config/file-path-${spring.profiles.active}.yml[.yml], optional:file:../config/file-path-${spring.profiles.active}.yml[.yml],
       optional:classpath:config/idpclaims.yml[.yml], optional:classpath:config/idpclaims-${spring.profiles.active}.yml[.yml], optional:file:../config/idpclaims-${spring.profiles.active}.yml[.yml],
       optional:classpath:config/external.yml[.yml], optional:classpath:config/external-${spring.profiles.active}.yml[.yml], optional:file:../config/external-${spring.profiles.active}.yml[.yml],
+      optional:classpath:config/cors.yml[.yml], optional:classpath:config/cors-${spring.profiles.active}.yml[.yml], optional:file:../config/cors-${spring.profiles.active}.yml[.yml],
       optional:classpath:config/swagger.yml[.yml], optional:classpath:config/swagger-${spring.profiles.active}.yml[.yml], optional:file:../config/swagger-${spring.profiles.active}.yml[.yml],
       optional:classpath:config/deposit.yml[.yml], optional:classpath:config/deposit-${spring.profiles.active}.yml[.yml], optional:file:../config/deposit-${spring.profiles.active}.yml[.yml]
diff --git a/dmp-backend/web/src/main/resources/config/cors-devel.yml b/dmp-backend/web/src/main/resources/config/cors-devel.yml
new file mode 100644
index 000000000..3e9227ef3
--- /dev/null
+++ b/dmp-backend/web/src/main/resources/config/cors-devel.yml
@@ -0,0 +1,3 @@
+web:
+  cors:
+    allowed-origins: [ http://localhost, http://localhost:4200 ]
diff --git a/dmp-backend/web/src/main/resources/config/cors.yml b/dmp-backend/web/src/main/resources/config/cors.yml
new file mode 100644
index 000000000..3774f14d4
--- /dev/null
+++ b/dmp-backend/web/src/main/resources/config/cors.yml
@@ -0,0 +1,7 @@
+web:
+  cors:
+    enabled: true
+    allowed-methods: [ HEAD, GET, POST, PUT, DELETE, PATCH ]
+    allowed-headers: [ Authorization, Cache-Control, Content-Type, Content-Disposition, x-tenant ]
+    exposed-headers: [ Authorization, Cache-Control, Content-Type, Content-Disposition ]
+    allow-credentials: false