diff --git a/src/core/config.py b/src/core/config.py
index 02fe9c6..58e8e9b 100644
--- a/src/core/config.py
+++ b/src/core/config.py
@@ -44,8 +44,8 @@ class Settings(BaseSettings):
 
     # Security
     bcrypt_rounds: int = 12
-    cors_allowed_origins: List[str] = ["http://localhost:3000", "http://localhost:5173"]
-    cors_allowed_origins_production: List[str] = []
+    cors_allowed_origins: List[str] = ["http://localhost:3000", "http://localhost:5173", "http://localhost:8888"]
+    cors_allowed_origins_production: List[str] = ["http://localhost:8888"]
 
     # Audit Logging
     audit_logging_enabled: bool = True
diff --git a/src/core/security_headers.py b/src/core/security_headers.py
index 145ee2d..cbec394 100644
--- a/src/core/security_headers.py
+++ b/src/core/security_headers.py
@@ -245,10 +245,7 @@ def setup_security_middleware(app):
     Args:
         app: FastAPI application instance
     """
-    # Add CORS middleware
-    cors_middleware = CORSSecurityMiddleware.get_middleware()
-    app.add_middleware(type(cors_middleware), **cors_middleware.__dict__)
-
+    # Note: CORS middleware is configured in main.py
     # Add security headers middleware
     app.add_middleware(SecurityHeadersMiddleware)