diff --git a/.env.dist b/.env.dist
index ef91ad3..a746ac4 100644
--- a/.env.dist
+++ b/.env.dist
@@ -40,4 +40,5 @@ CUSTOMER_DATABASE_URL=${DBDRIVER}://${DBCUSTOMERUSER}:${DBCUSTOMERPASSWORD}@${DB
 
 ###> nelmio/cors-bundle ###
 CORS_ALLOW_ORIGIN=^https?://localhost:?[0-9]*$
+CORS_ALLOW_ORIGIN_DEV=^https?://localhost:?[0-9]*$
 ###< nelmio/cors-bundle ###
diff --git a/config/packages/nelmio_cors.yaml b/config/packages/nelmio_cors.yaml
index 9df58e9..6955cdb 100644
--- a/config/packages/nelmio_cors.yaml
+++ b/config/packages/nelmio_cors.yaml
@@ -1,7 +1,7 @@
 nelmio_cors:
     defaults:
         origin_regex: true
-        allow_origin: ['%env(CORS_ALLOW_ORIGIN)%']
+        allow_origin: ['%env(CORS_ALLOW_ORIGIN)%','%env(CORS_ALLOW_ORIGIN_DEV)%']
         allow_methods: ['GET', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE']
         allow_headers: ['Content-Type', 'Authorization']
         max_age: 86400 # 24 hours
@@ -9,7 +9,7 @@ nelmio_cors:
         '^/pias':
             allow_credentials: false
             origin_regex: true
-            allow_origin: ['%env(CORS_ALLOW_ORIGIN)%']
+            allow_origin: ['%env(CORS_ALLOW_ORIGIN)%','%env(CORS_ALLOW_ORIGIN_DEV)%']
             allow_headers: ['Content-Type', 'Authorization']
             allow_methods: ['GET', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE']
             max_age: 86400 # 24 hours