diff --git a/src/Api/Startup.cs b/src/Api/Startup.cs
index 28152722aa..7ab49d7d9c 100644
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@@ -160,7 +160,9 @@ namespace Bit.Api
             app.UseStaticFiles();
 
             // Add Cors
-            app.UseCors(policy => policy.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader().AllowCredentials());
+            app.UseCors(policy => policy
+                .WithOrigins(globalSettings.BaseServiceUri.Vault)
+                .AllowAnyMethod().AllowAnyHeader().AllowCredentials());
 
             // Add authentication to the request pipeline.
             app.UseAuthentication();
diff --git a/src/Events/Startup.cs b/src/Events/Startup.cs
index 1408a52ebe..e97f9d053b 100644
--- a/src/Events/Startup.cs
+++ b/src/Events/Startup.cs
@@ -94,7 +94,9 @@ namespace Bit.Events
             app.UseDefaultMiddleware(env);
 
             // Add Cors
-            app.UseCors(policy => policy.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader().AllowCredentials());
+            app.UseCors(policy => policy
+                .WithOrigins(globalSettings.BaseServiceUri.Vault)
+                .AllowAnyMethod().AllowAnyHeader().AllowCredentials());
 
             // Add authentication to the request pipeline.
             app.UseAuthentication();
diff --git a/src/Notifications/Startup.cs b/src/Notifications/Startup.cs
index e2c45cafbc..0cd0dd1d71 100644
--- a/src/Notifications/Startup.cs
+++ b/src/Notifications/Startup.cs
@@ -94,7 +94,9 @@ namespace Bit.Notifications
             }
 
             // Add Cors
-            app.UseCors(policy => policy.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader().AllowCredentials());
+            app.UseCors(policy => policy
+                .WithOrigins(globalSettings.BaseServiceUri.Vault)
+                .AllowAnyMethod().AllowAnyHeader().AllowCredentials());
 
             // Add authentication to the request pipeline.
             app.UseAuthentication();