diff --git a/.env.example b/.env.example
index 40d3f83..89bb6b4 100644
--- a/.env.example
+++ b/.env.example
@@ -10,7 +10,7 @@ AGENT_RECURSION_LIMIT=30
 # CORS settings
 # Comma-separated list of allowed origins for CORS requests
 # Example: ALLOWED_ORIGINS=http://localhost:3000,http://example.com
-ALLOWED_ORIGINS=http://localhost:3000,http://localhost:8000
+ALLOWED_ORIGINS=http://localhost:3000
 
 # Enable or disable MCP server configuration, the default is false.
 # Please enable this feature before securing your front-end and back-end in a managed environment.
diff --git a/src/server/app.py b/src/server/app.py
index 466c676..2d9abf1 100644
--- a/src/server/app.py
+++ b/src/server/app.py
@@ -55,9 +55,7 @@ app = FastAPI(
 # Add CORS middleware
 # It's recommended to load the allowed origins from an environment variable
 # for better security and flexibility across different environments.
-allowed_origins_str = os.getenv(
-    "ALLOWED_ORIGINS", "http://localhost:3000,http://localhost:8000"
-)
+allowed_origins_str = os.getenv("ALLOWED_ORIGINS", "http://localhost:3000")
 allowed_origins = [origin.strip() for origin in allowed_origins_str.split(",")]
 
 logger.info(f"Allowed origins: {allowed_origins}")
@@ -67,7 +65,7 @@ app.add_middleware(
     allow_origins=allowed_origins,  # Restrict to specific origins
     allow_credentials=True,
     allow_methods=["GET", "POST", "OPTIONS"],  # Use the configured list of methods
-    allow_headers=["text/event-stream"],  # Now it supports SSE
+    allow_headers=["*"],  # Now allow all headers, but can be restricted further
 )
 
 graph = build_graph_with_memory()