diff --git a/fineract-core/src/main/java/org/apache/fineract/infrastructure/core/config/FineractProperties.java b/fineract-core/src/main/java/org/apache/fineract/infrastructure/core/config/FineractProperties.java
index 33ea89ca171..44139b26e78 100644
--- a/fineract-core/src/main/java/org/apache/fineract/infrastructure/core/config/FineractProperties.java
+++ b/fineract-core/src/main/java/org/apache/fineract/infrastructure/core/config/FineractProperties.java
@@ -695,7 +695,7 @@ public static class ExecuteCommandProperties {
 public static class CorsProperties {
 private boolean enabled;
- private List allowedOrigins;
+ private List allowedOriginPatterns;
 private List allowedMethods;
 private List allowedHeaders;
 private List exposedHeaders;
diff --git a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/config/SecurityConfig.java b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/config/SecurityConfig.java
index 8295023e053..c8234d97e09 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/config/SecurityConfig.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/config/SecurityConfig.java
@@ -263,7 +263,7 @@ public AuthenticationManager authenticationManagerBean() throws Exception {
 public CorsConfigurationSource corsConfigurationSource() {
 CorsConfiguration config = new CorsConfiguration();
 FineractProperties.CorsProperties corsConfiguration = fineractProperties.getSecurity().getCors();
- config.setAllowedOrigins(corsConfiguration.getAllowedOrigins());
+ config.setAllowedOriginPatterns(corsConfiguration.getAllowedOriginPatterns());
 config.setAllowedMethods(corsConfiguration.getAllowedMethods());
 config.setAllowedHeaders(corsConfiguration.getAllowedHeaders());
 config.setExposedHeaders(corsConfiguration.getExposedHeaders());
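Review bot: `config.setAllowedOriginPatterns(...)` in `SecurityConfig.corsConfigurationSource()` passes the configured list through unchecked, and a `*` pattern is not equivalent to a `*` origin: Spring refuses an `allowedOrigins` value of `*` when credentials are allowed, but for a `*` pattern it echoes the caller's own Origin back with credentials enabled. application.properties in this commit ships exactly that pair as defaults (`allowed-origin-patterns` is `*`, `allow-credentials` is `true`), so out of the box any website can send credentialed cross-origin requests to the API and read the responses. I would at least document this above the call, e.g. `// A "*" pattern with allow-credentials=true reflects every Origin; production deployments must list explicit origin patterns.`, and consider logging a startup warning when both settings are present. The same applies to the identical change in AuthorizationServerConfig; both method bodies continue outside their hunks.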
diff --git a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/config/AuthorizationServerConfig.java b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/config/AuthorizationServerConfig.java
index f2d13033017..4446972e8c6 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/config/AuthorizationServerConfig.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/config/AuthorizationServerConfig.java
@@ -192,7 +192,7 @@ public SecurityFilterChain protectedEndpoints(HttpSecurity http) throws Exceptio
 public CorsConfigurationSource corsConfigurationSource() {
 CorsConfiguration config = new CorsConfiguration();
 FineractProperties.CorsProperties corsConfiguration = fineractProperties.getSecurity().getCors();
- config.setAllowedOrigins(corsConfiguration.getAllowedOrigins());
+ config.setAllowedOriginPatterns(corsConfiguration.getAllowedOriginPatterns());
 config.setAllowedMethods(corsConfiguration.getAllowedMethods());
 config.setAllowedHeaders(corsConfiguration.getAllowedHeaders());
 config.setExposedHeaders(corsConfiguration.getExposedHeaders());
diff --git a/fineract-provider/src/main/resources/application.properties b/fineract-provider/src/main/resources/application.properties
index 0f641f19af5..d002dfbb723 100644
--- a/fineract-provider/src/main/resources/application.properties
+++ b/fineract-provider/src/main/resources/application.properties
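Review bot: `corsConfigurationSource()` in AuthorizationServerConfig is, as far as the two hunks show, line-for-line the same as the one in SecurityConfig, so every CORS policy change has to be made in two places. Building the `CorsConfiguration` from `FineractProperties.CorsProperties` in one shared helper that both configuration classes call would keep the two security policies from drifting apart. The method body continues outside the hunk, so this is based only on the seven visible lines.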
@@ -28,10 +28,10 @@ fineract.security.hsts.enabled=${FINERACT_SECURITY_HSTS_ENABLED:false} #CORS configuration fineract.security.cors.enabled=${FINERACT_SECURITY_CORS_ENABLED:true} -fineract.security.cors.allowed-origins=${FINERACT_SECURITY_CORS_ALLOWED_ORIGINS:"*"} -fineract.security.cors.allowed-methods=${FINERACT_SECURITY_CORS_ALLOWED_METHODS:"*"} -fineract.security.cors.allowed-headers=${FINERACT_SECURITY_CORS_ALLOWED_HEADERS:"*"} -fineract.security.cors.exposed-headers=${FINERACT_SECURITY_CORS_EXPOSED_HEADERS:"*"} +fineract.security.cors.allowed-origin-patterns=${FINERACT_SECURITY_CORS_ALLOWED_ORIGIN_PATTERNS:*} +fineract.security.cors.allowed-methods=${FINERACT_SECURITY_CORS_ALLOWED_METHODS:*} +fineract.security.cors.allowed-headers=${FINERACT_SECURITY_CORS_ALLOWED_HEADERS:*} +fineract.security.cors.exposed-headers=${FINERACT_SECURITY_CORS_EXPOSED_HEADERS:*} fineract.security.cors.allow-credentials=${FINERACT_SECURITY_CORS_ALLOW_CREDENTIALS:true} # EXAMPLE: OAuth2 client configuration (frontend-client) diff --git a/fineract-provider/src/test/resources/application-test.properties b/fineract-provider/src/test/resources/application-test.properties index a0434020693..1530e7cdfa5 100644 --- a/fineract-provider/src/test/resources/application-test.properties +++ b/fineract-provider/src/test/resources/application-test.properties @@ -27,10 +27,10 @@ fineract.security.hsts.enabled=false #CORS configuration fineract.security.cors.enabled=true -fineract.security.cors.allowed-origins="*" -fineract.security.cors.allowed-methods="*" -fineract.security.cors.allowed-headers="*" -fineract.security.cors.exposed-headers="*" +fineract.security.cors.allowed-origin-patterns=* +fineract.security.cors.allowed-methods=* +fineract.security.cors.allowed-headers=* +fineract.security.cors.exposed-headers=* fineract.security.cors.allow-credentials=true fineract.tenant.host=localhost
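Review bot: The renamed key and variable in application.properties fail open for existing deployments: an installation that restricts origins through `FINERACT_SECURITY_CORS_ALLOWED_ORIGINS` (or `fineract.security.cors.allowed-origins`, whose backing field is renamed in FineractProperties) is no longer read after this change and falls back to the new default `*`, while `allow-credentials` still defaults to `true`. Keeping the old variable as a fallback avoids silently widening the policy on upgrade: `fineract.security.cors.allowed-origin-patterns=${FINERACT_SECURITY_CORS_ALLOWED_ORIGIN_PATTERNS:${FINERACT_SECURITY_CORS_ALLOWED_ORIGINS:*}}`. A comment above the line such as `# "*" matches every origin; set explicit patterns in production` would also help, and the rename deserves a mention in the upgrade notes.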