diff --git a/api-gateway/src/main/java/kr/mafoo/gateway/config/CorsConfigurationFilter.java b/api-gateway/src/main/java/kr/mafoo/gateway/config/CorsConfigurationFilter.java
new file mode 100644
index 0000000..2d0f1fb
--- /dev/null
+++ b/api-gateway/src/main/java/kr/mafoo/gateway/config/CorsConfigurationFilter.java
@@ -0,0 +1,39 @@
+package kr.mafoo.gateway.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.server.reactive.ServerHttpRequest;
+import org.springframework.http.server.reactive.ServerHttpResponse;
+import org.springframework.web.cors.reactive.CorsUtils;
+import org.springframework.web.server.WebFilter;
+import reactor.core.publisher.Mono;
+
+@Configuration
+public class CorsConfigurationFilter {
+    @Bean
+    public WebFilter corsFilter() {
+        return (ctx, chain) -> {
+            ServerHttpRequest request = ctx.getRequest();
+
+            if(CorsUtils.isPreFlightRequest(request)) {
+                ServerHttpResponse response = ctx.getResponse();
+                HttpHeaders headers = response.getHeaders();
+                headers.add("Access-Control-Allow-Origin", "*");
+                headers.add("Access-Control-Allow-Methods", "GET, PUT, POST, DELETE, OPTIONS");
+                headers.add("Access-Control-Max-Age", "3600");
+                headers.add("Access-Control-Allow-Headers", "Authorization, Content-Type");
+                headers.add("Access-Control-Allow-Credentials", "true");
+
+                if (request.getMethod() == HttpMethod.OPTIONS) {
+                    response.setStatusCode(HttpStatus.OK);
+                    return Mono.empty();
+                }
+            }
+
+            return chain.filter(ctx);
+        };
+    }
+}