diff --git a/defaults/main.yml b/defaults/main.yml
index 49168f8..f884ba6 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -45,7 +45,7 @@ hydra_urls_login: "{{ haproxy_public_base_url }}{{ haproxy_hydra_dispatcher_base
 hydra_urls_logout: "{{ haproxy_public_base_url }}{{ haproxy_hydra_dispatcher_base_path }}/logout"
 hydra_url_post_logout: "{{ haproxy_public_base_url }}"
 hydra_urls_error: "{{ haproxy_public_base_url }}/erreur"
-
+hydra_public_cors_allowed_origins: []
 hydra_log_level: warn
 hydra_log_leak_sensitive_values: no
diff --git a/templates/cadoles-pod-hydra-v1.conf.j2 b/templates/cadoles-pod-hydra-v1.conf.j2
index 6984fdf..0ea00df 100644
--- a/templates/cadoles-pod-hydra-v1.conf.j2
+++ b/templates/cadoles-pod-hydra-v1.conf.j2
@@ -18,6 +18,10 @@ PODMAN_ARGS="\
 -e 'HYDRA_URL_POST_LOGOUT={{ hydra_url_post_logout }}' \
 -e 'HYDRA_ALLOW_INSECURE=yes' \
 -e 'HYDRA_LEVEL={{ hydra_log_level }}' \
+{% if hydra_public_cors_allowed_origins | default([]) | length > 0 %}
+-e 'SERVE_PUBLIC_CORS_ENABLED=true' \
+-e 'SERVE_PUBLIC_CORS_ALLOWED_ORIGINS={{ hydra_public_cors_allowed_origins | join(',') }}' \
+{% endif %}
 -e 'HYDRA_SECRETS_SYSTEM={{ lookup('ansible.builtin.password', '/dev/null length=32 seed=hydra_secrets_seed') }}' \
 -e 'HYDRA_OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT={{ lookup('ansible.builtin.password', '/dev/null length=32 seed=hydra_secrets_seed') }}' \
 -v /etc/hydra/clients.d:/etc/hydra/clients.d \
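Review bot: The new `hydra_public_cors_allowed_origins` default carries no comment, and a reader of defaults/main.yml cannot tell that the template only emits the CORS env vars when this list is non-empty, nor what an entry is supposed to look like. Add above it: `# Origins allowed to call Hydra's public endpoints cross-origin, e.g. ["https://app.example.org"] (scheme + host, no paths, never "*"); leave empty and the template sets no CORS variables at all.` The surrounding variable block continues outside the hunk.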
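Review bot: The added SERVE_PUBLIC_CORS_ALLOWED_ORIGINS line forwards whatever is in `hydra_public_cors_allowed_origins` to Hydra unvalidated, so a stray `*` (or a wildcard pattern, if Hydra's CORS layer honours them) would expose the public endpoints to every origin without any signal from the role; the `{% if %}` guard only checks that the list is non-empty. The task that renders this template should first run an `ansible.builtin.assert` that every entry is an explicit origin, e.g. `that: hydra_public_cors_allowed_origins | reject('match', '^https?://[^*/ ]+$') | list | length == 0` with a `fail_msg` naming the offending value. Separately, the two context lines just below derive HYDRA_SECRETS_SYSTEM and the pairwise salt from `ansible.builtin.password` with `/dev/null` and what reads as the literal seed `hydra_secrets_seed`, which would make both values identical to each other and reproducible by anyone holding this role; unless that seed is templated elsewhere, these should come from a vaulted per-host variable rather than a constant seed. The PODMAN_ARGS string continues outside the hunk.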