diff --git a/backoffice/src/main.ts b/backoffice/src/main.ts
index 8d535d9..aff6288 100644
--- a/backoffice/src/main.ts
+++ b/backoffice/src/main.ts
@@ -51,7 +51,10 @@ async function bootstrap() {
 ...envOrigins,
 ].filter(Boolean);
 
- if (!origin || allowedOrigins.includes(origin)) {
+ // Allow all *.gohorsejobs.com subdomains (http and https)
+ const gohorsePattern = /^https?:\/\/([a-z0-9-]+\.)*gohorsejobs\.com$/;
+
+ if (!origin || allowedOrigins.includes(origin) || gohorsePattern.test(origin)) {
 callback(null, true);
 } else {
 callback(new Error('Not allowed by CORS'), false);
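Review bot: The new `gohorsePattern` check in the origin callback accepts `http://` origins and every subdomain of gohorsejobs.com, which is a wide trust grant for a backoffice API. A page served over plain HTTP can be altered in transit, and any subdomain with an XSS flaw or a dangling DNS record becomes an origin this server approves; the impact is largest if `credentials: true` is set, which the hunk does not show. I would restrict the pattern to HTTPS, `const gohorsePattern = /^https:\/\/([a-z0-9-]+\.)*gohorsejobs\.com$/;`, and keep any plain-HTTP development origins in the existing `allowedOrigins`/`envOrigins` list. The constant can also be hoisted out of the callback so it is not rebuilt on every request. The rest of `bootstrap` and the CORS options lie outside this hunk.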