diff --git a/backend/src/app.module.ts b/backend/src/app.module.ts
index 2b39120..137e70a 100644
--- a/backend/src/app.module.ts
+++ b/backend/src/app.module.ts
@@ -8,6 +8,7 @@ import { SecurityHeadersMiddleware } from './middleware/security-middleware/secu
 import { HttpsRedirectMiddleware } from './middleware/https-middlware/https-redirect.middleware';
 import { AuthModule } from './modules/auth-module/auth.module';
 import { AccessTokenGuard } from './modules/auth-module/common/guards';
+import { CorsMiddleware } from './middleware/cors-middleware/cors.middlware';
 
 @Module({
   imports: [
@@ -24,7 +25,12 @@ export class AppModule {
   configure(consumer: MiddlewareConsumer) {
     consumer
       // TODO: Redirect via Reverse Proxy all HTTP requests to HTTPS
-      .apply(CspMiddleware, SecurityHeadersMiddleware, HttpsRedirectMiddleware)
+      .apply(
+        CspMiddleware,
+        SecurityHeadersMiddleware,
+        HttpsRedirectMiddleware,
+        CorsMiddleware
+      )
       .forRoutes({ path: '*', method: RequestMethod.ALL });
   }
 }
diff --git a/backend/src/middleware/cors-middleware/cors.middlware.ts b/backend/src/middleware/cors-middleware/cors.middlware.ts
new file mode 100644
index 0000000..81ec5bd
--- /dev/null
+++ b/backend/src/middleware/cors-middleware/cors.middlware.ts
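Review bot: `CorsMiddleware` is appended last in the `.apply(...)` list, after `HttpsRedirectMiddleware`, so a preflight `OPTIONS` request that arrives over plain HTTP would be redirected before the CORS middleware can answer it, and browsers treat a redirected preflight as a failed request. If that case can occur in this deployment, move `CorsMiddleware` ahead of `HttpsRedirectMiddleware` in the list, or rely on the reverse-proxy TLS termination the TODO comment above the call refers to. What `HttpsRedirectMiddleware` does with `OPTIONS` is not visible in this hunk, so this is inferred from its name.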
@@ -0,0 +1,36 @@
+import { Injectable, NestMiddleware } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
+import { Request, Response, NextFunction } from 'express';
+
+@Injectable()
+export class CorsMiddleware implements NestMiddleware {
+  constructor(private readonly configService: ConfigService) {}
+
+  public use(req: Request, res: Response, next: NextFunction): void {
+    if (this.configService.get('NODE_ENV') === 'production') {
+      const allowedOrigin = this.configService.get('CORS_ALLOW_ORIGIN');
+
+      if (req.headers.origin === allowedOrigin) {
+        res.header('Access-Control-Allow-Origin', allowedOrigin);
+        res.header(
+          'Access-Control-Allow-Methods',
+          this.configService.get('CORS_ALLOW_METHODS')
+        );
+        res.header(
+          'Access-Control-Allow-Headers',
+          this.configService.get('CORS_ALLOW_HEADERS')
+        );
+
+        if (req.method === 'OPTIONS') {
+          res.sendStatus(200);
+        } else {
+          next();
+        }
+      } else {
+        res.status(403).json({ message: 'Forbidden' });
+      }
+    } else {
+      next();
+    }
+  }
+}
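Review bot: In production every request that carries no `Origin` header is answered 403 at `if (req.headers.origin === allowedOrigin)`, yet a missing `Origin` means the request is not a cross-origin browser request (direct navigations, curl, health probes, server-to-server calls) and should fall through to `next()`; an origin check only steers browser behaviour, so the 403 is not an access-control boundary for non-browser clients either. The same comparison passes when `CORS_ALLOW_ORIGIN` is unset, because `undefined === undefined`, and the response then carries an `Access-Control-Allow-Origin` header built from that undefined value (presumably stringified by Express; `ConfigService.get` returns undefined for a missing key). A response whose allow-origin header depends on the request should also send `Vary: Origin` so a shared cache does not replay one origin's headers to another. The rewrite below separates the three cases and treats a missing allow-list value as a configuration error rather than a match.
```typescript
  public use(req: Request, res: Response, next: NextFunction): void {
    if (this.configService.get('NODE_ENV') !== 'production') {
      next();
      return;
    }
    const origin = req.headers.origin;
    if (origin === undefined) {
      // No Origin header: not a cross-origin browser request, CORS does not apply.
      next();
      return;
    }
    const allowedOrigin = this.configService.get('CORS_ALLOW_ORIGIN');
    if (allowedOrigin === undefined || origin !== allowedOrigin) {
      // Unset allow-list is a misconfiguration, never a wildcard match.
      res.status(403).json({ message: 'Forbidden' });
      return;
    }
    res.header('Vary', 'Origin');
    res.header('Access-Control-Allow-Origin', allowedOrigin);
    // … unchanged: Allow-Methods / Allow-Headers headers and the OPTIONS branch …
  }
```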