diff --git a/backend/src/uxbox/config.clj b/backend/src/uxbox/config.clj
index 7bbcf1837f..68c834f1ea 100644
--- a/backend/src/uxbox/config.clj
+++ b/backend/src/uxbox/config.clj
@@ -35,6 +35,7 @@
   []
   {:http-server-port (lookup-env env :uxbox-http-server-port 6060)
    :http-server-debug (lookup-env env :uxbox-http-server-debug true)
+   :http-server-cors (lookup-env env :uxbox-http-server-cors "http://localhost:3449")
    :database-username (lookup-env env :uxbox-database-username nil)
    :database-password (lookup-env env :uxbox-database-password nil)
    :database-name (lookup-env env :uxbox-database-name "uxbox")
diff --git a/backend/src/uxbox/http/middleware.clj b/backend/src/uxbox/http/middleware.clj
index 043aa5f848..c08620eae9 100644
--- a/backend/src/uxbox/http/middleware.clj
+++ b/backend/src/uxbox/http/middleware.clj
@@ -16,6 +16,7 @@
             [ring.middleware.session :refer [wrap-session]]
             [ring.middleware.session.cookie :refer [cookie-store]]
             [ring.middleware.multipart-params :refer [wrap-multipart-params]]
+            [uxbox.config :as cfg]
             [uxbox.http.etag :refer [wrap-etag]]
             [uxbox.http.cors :refer [wrap-cors]]
             [uxbox.http.errors :as errors]
@@ -112,7 +113,7 @@
      :wrap #(wrap-session % options)}))
 
 (def cors-conf
-  {:origin #{"http://127.0.0.1:3449"}
+  {:origin #{"http://localhost:3449"}
    :max-age 3600
    :allow-credentials true
    :allow-methods #{:post :put :get :delete}
@@ -120,7 +121,12 @@
 
 (def ^:private cors-middleware
   {:name ::cors-middleware
-   :wrap #(wrap-cors % cors-conf)})
+   :wrap (fn [handler]
+           (let [cors (:http-server-cors cfg/config)]
+             (if (string? cors)
+               (->> (assoc cors-conf :origin #{cors})
+                    (wrap-cors handler))
+               handler)))})
 
 (def ^:private etag-middleware
   {:name ::etag-middleware