diff --git a/backend/internal/middleware/cors.go b/backend/internal/middleware/cors.go
index 955c1a5f..6427ae12 100644
--- a/backend/internal/middleware/cors.go
+++ b/backend/internal/middleware/cors.go
@@ -15,13 +15,7 @@ func NewCorsMiddleware() *CorsMiddleware {
 
 func (m *CorsMiddleware) Add() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		// Allow all origins for the token endpoint
-		if c.FullPath() == "/api/oidc/token" {
-			c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
-		} else {
-			c.Writer.Header().Set("Access-Control-Allow-Origin", common.EnvConfig.AppURL)
-		}
-
+		c.Writer.Header().Set("Access-Control-Allow-Origin", common.EnvConfig.AppURL)
 		c.Writer.Header().Set("Access-Control-Allow-Headers", "*")
 		c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT")