diff --git a/backend/src/main/java/de/szut/casino/config/CorsConfig.java b/backend/src/main/java/de/szut/casino/config/CorsConfig.java
index a3f0fb0..46a6864 100644
--- a/backend/src/main/java/de/szut/casino/config/CorsConfig.java
+++ b/backend/src/main/java/de/szut/casino/config/CorsConfig.java
@@ -9,7 +9,7 @@ public class CorsConfig implements WebMvcConfigurer {
     @Override
     public void addCorsMappings(CorsRegistry registry) {
         registry.addMapping("/**")
-                .allowedOrigins("*")
+                .allowedOrigins("http://localhost:8080", "http://192.168.176.120:4200")
                 .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
                 .allowedHeaders("Origin", "Content-Type", "Accept", "Authorization", "X-Requested-With")
                 .allowCredentials(true)