diff --git a/src/main/java/de/avatic/lcc/config/SecurityConfig.java b/src/main/java/de/avatic/lcc/config/SecurityConfig.java
index 7a65bc0..bf1bb7f 100644
--- a/src/main/java/de/avatic/lcc/config/SecurityConfig.java
+++ b/src/main/java/de/avatic/lcc/config/SecurityConfig.java
@@ -2,8 +2,8 @@ package de.avatic.lcc.config;
 
 import de.avatic.lcc.model.db.users.User;
 import de.avatic.lcc.repositories.users.GroupRepository;
-import de.avatic.lcc.service.apps.JwtTokenService;
 import de.avatic.lcc.repositories.users.UserRepository;
+import de.avatic.lcc.service.apps.JwtTokenService;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
@@ -128,7 +128,9 @@ public class SecurityConfig {
             origins[i] = origins[i].trim();
         }
 
-        configuration.setAllowedOrigins(Arrays.asList(origins));
+        if (origins.length != 0) {
+            configuration.setAllowedOrigins(Arrays.asList(origins));
+        }
         configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
         configuration.setAllowedHeaders(List.of("*"));
         configuration.setAllowCredentials(true);
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 16bc014..7399574 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -20,4 +20,6 @@ management.endpoint.health.show-details=always
 spring.flyway.enabled=true
 spring.flyway.locations=classpath:db/migration
 spring.flyway.baseline-on-migrate=true
-spring.sql.init.mode=never
\ No newline at end of file
+spring.sql.init.mode=never
+
+lcc.allowed_cors=
\ No newline at end of file