diff --git a/backend/api.py b/backend/api.py
index 88162d9..80b2581 100644
--- a/backend/api.py
+++ b/backend/api.py
@@ -35,7 +35,8 @@
 load_dotenv()
 
 app = Flask(__name__)
-CORS(app, resources={r"/*": {"origins": "*" }})
+ALLOWED_ORIGIN = os.getenv("NODE_GATEWAY_ORIGIN", "http://localhost:3000")
+CORS(app, resources={r"/*": {"origins": ALLOWED_ORIGIN}})
 
 from functools import wraps
 from flask_jwt_extended import JWTManager, jwt_required, get_jwt_identity, verify_jwt_in_request