diff --git a/amplify/backend/function/ExpressFunction/src/app.ts b/amplify/backend/function/ExpressFunction/src/app.ts
index 25467b2..08aff60 100644
--- a/amplify/backend/function/ExpressFunction/src/app.ts
+++ b/amplify/backend/function/ExpressFunction/src/app.ts
@@ -14,7 +14,7 @@ dotenv.config()
 const secret = process.env.app_secret as string
 
 const app = express()
-app.use(cors({ credentials: true, origin: true }))
+app.use(cors({ credentials: true, origin: [/^https:\/\/[a-z0-9\.]+amplifyapp\.com$/] }))
 app.use(passport.initialize())
 app.use(session({ secret, saveUninitialized: false, resave: false }))
 app.use(passport.session())