diff --git a/dmp-backend/web/pom.xml b/dmp-backend/web/pom.xml
index fd38b3afd..b46410b8c 100644
--- a/dmp-backend/web/pom.xml
+++ b/dmp-backend/web/pom.xml
@@ -191,6 +191,14 @@
saaj-impl
3.0.0-M2
+
+
+
+
+ gr.cite
+ cors-web
+ 2.1.0
+
diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/DescriptionTemplateTypeController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/DescriptionTemplateTypeController.java
index 32909dd7c..a2e0ba4a1 100644
--- a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/DescriptionTemplateTypeController.java
+++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/DescriptionTemplateTypeController.java
@@ -32,7 +32,6 @@ import javax.management.InvalidApplicationException;
import java.util.*;
@RestController
-@CrossOrigin
@RequestMapping(path = "api/description-template-type")
public class DescriptionTemplateTypeController {
diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/DmpBlueprintController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/DmpBlueprintController.java
index db0d6a1c5..d89da4267 100644
--- a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/DmpBlueprintController.java
+++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/DmpBlueprintController.java
@@ -30,7 +30,6 @@ import javax.management.InvalidApplicationException;
import java.util.*;
@RestController
-@CrossOrigin
@RequestMapping(path = "api/dmp-blueprint")
public class DmpBlueprintController {
diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/EntityDoiController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/EntityDoiController.java
index 2a98d253b..7f9a4eba9 100644
--- a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/EntityDoiController.java
+++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/EntityDoiController.java
@@ -33,7 +33,6 @@ import javax.management.InvalidApplicationException;
import java.util.*;
@RestController
-@CrossOrigin
@RequestMapping(path = "api/entity-doi")
public class EntityDoiController {
diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/ExternalReferencesController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/ExternalReferencesController.java
index 172dace66..1cd510016 100644
--- a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/ExternalReferencesController.java
+++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/ExternalReferencesController.java
@@ -28,7 +28,6 @@ import javax.management.InvalidApplicationException;
import java.util.List;
@RestController
-@CrossOrigin
@RequestMapping(path = {"api/external-references"})
public class ExternalReferencesController extends BaseController {
diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/ExternalValidationController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/ExternalValidationController.java
index 018e7753f..739328085 100644
--- a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/ExternalValidationController.java
+++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/ExternalValidationController.java
@@ -15,7 +15,6 @@ import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;
@RestController
-@CrossOrigin
@RequestMapping(path = {"api/validation"})
public class ExternalValidationController extends BaseController {
diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/PrincipalController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/PrincipalController.java
index eecece201..653f6ef0c 100644
--- a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/PrincipalController.java
+++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/PrincipalController.java
@@ -21,7 +21,6 @@ import eu.eudat.models.v2.Account;
import javax.management.InvalidApplicationException;
@RestController
-@CrossOrigin
@RequestMapping(value = { "/api/principal/" })
public class PrincipalController {
private static final LoggerService logger = new LoggerService(LoggerFactory.getLogger(PrincipalController.class));
diff --git a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/SupportiveMaterialController.java b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/SupportiveMaterialController.java
index 48285bf4e..f032c779d 100644
--- a/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/SupportiveMaterialController.java
+++ b/dmp-backend/web/src/main/java/eu/eudat/controllers/v2/SupportiveMaterialController.java
@@ -25,7 +25,6 @@ import java.util.stream.Stream;
import static eu.eudat.types.Authorities.ADMIN;
@RestController
-@CrossOrigin
@RequestMapping(path = {"/api/material"})
public class SupportiveMaterialController {
diff --git a/dmp-backend/web/src/main/resources/config/application.yml b/dmp-backend/web/src/main/resources/config/application.yml
index e795cc7d6..b621c8114 100644
--- a/dmp-backend/web/src/main/resources/config/application.yml
+++ b/dmp-backend/web/src/main/resources/config/application.yml
@@ -15,5 +15,6 @@ spring:
optional:classpath:config/file-path.yml[.yml], optional:classpath:config/file-path-${spring.profiles.active}.yml[.yml], optional:file:../config/file-path-${spring.profiles.active}.yml[.yml],
optional:classpath:config/idpclaims.yml[.yml], optional:classpath:config/idpclaims-${spring.profiles.active}.yml[.yml], optional:file:../config/idpclaims-${spring.profiles.active}.yml[.yml],
optional:classpath:config/external.yml[.yml], optional:classpath:config/external-${spring.profiles.active}.yml[.yml], optional:file:../config/external-${spring.profiles.active}.yml[.yml],
+ optional:classpath:config/cors.yml[.yml], optional:classpath:config/cors-${spring.profiles.active}.yml[.yml], optional:file:../config/cors-${spring.profiles.active}.yml[.yml],
optional:classpath:config/swagger.yml[.yml], optional:classpath:config/swagger-${spring.profiles.active}.yml[.yml], optional:file:../config/swagger-${spring.profiles.active}.yml[.yml],
optional:classpath:config/deposit.yml[.yml], optional:classpath:config/deposit-${spring.profiles.active}.yml[.yml], optional:file:../config/deposit-${spring.profiles.active}.yml[.yml]
diff --git a/dmp-backend/web/src/main/resources/config/cors-devel.yml b/dmp-backend/web/src/main/resources/config/cors-devel.yml
new file mode 100644
index 000000000..3e9227ef3
--- /dev/null
+++ b/dmp-backend/web/src/main/resources/config/cors-devel.yml
@@ -0,0 +1,3 @@
+web:
+ cors:
+ allowed-origins: [ http://localhost, http://localhost:4200 ]
diff --git a/dmp-backend/web/src/main/resources/config/cors.yml b/dmp-backend/web/src/main/resources/config/cors.yml
new file mode 100644
index 000000000..3774f14d4
--- /dev/null
+++ b/dmp-backend/web/src/main/resources/config/cors.yml
@@ -0,0 +1,7 @@
+web:
+ cors:
+ enabled: true
+ allowed-methods: [ HEAD, GET, POST, PUT, DELETE, PATCH ]
+ allowed-headers: [ Authorization, Cache-Control, Content-Type, Content-Disposition, x-tenant ]
+ exposed-headers: [ Authorization, Cache-Control, Content-Type, Content-Disposition ]
+ allow-credentials: false