diff --git a/src/main/java/com/atwoz/global/config/filter/CorsCustomFilter.java b/src/main/java/com/atwoz/global/config/filter/CorsCustomFilter.java
index 196b003a..72db7c2a 100644
--- a/src/main/java/com/atwoz/global/config/filter/CorsCustomFilter.java
+++ b/src/main/java/com/atwoz/global/config/filter/CorsCustomFilter.java
@@ -21,8 +21,8 @@ protected void doFilterInternal(final HttpServletRequest request,
         response.setHeader("Access-Control-Allow-Credentials", "true");
         response.setHeader("Access-Control-Allow-Methods", "GET, POST, PATCH, DELETE, OPTIONS");
         response.setHeader("Access-Control-Max-Age", "3600");
-        response.setHeader("Access-Control-Allow-Headers",
-                "Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization");
+        response.setHeader("Access-Control-Allow-Headers", "*");
+        response.setHeader("Access-Control-Expose-Headers", "Set-Cookie");
         ContentCachingRequestWrapper contentCachingRequestWrapper = new ContentCachingRequestWrapper(request);
         ContentCachingResponseWrapper contentCachingResponseWrapper = new ContentCachingResponseWrapper(response);