diff --git a/0_Framework/InfraStructure/FaceEmbeddingService.cs b/0_Framework/InfraStructure/FaceEmbeddingService.cs
index 148adc80..c7845c5d 100644
--- a/0_Framework/InfraStructure/FaceEmbeddingService.cs
+++ b/0_Framework/InfraStructure/FaceEmbeddingService.cs
@@ -9,6 +9,7 @@ using _0_Framework.Application;
 using _0_Framework.Application.FaceEmbedding;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Http;
+using Microsoft.Extensions.Configuration;
 using System.Threading.Tasks;
 
 namespace _0_Framework.Infrastructure;
@@ -24,12 +25,12 @@ public class FaceEmbeddingService : IFaceEmbeddingService
     private readonly string _apiBaseUrl;
 
     public FaceEmbeddingService(IHttpClientFactory httpClientFactory, ILogger<FaceEmbeddingService> logger,
-        IFaceEmbeddingNotificationService notificationService = null)
+        IConfiguration configuration, IFaceEmbeddingNotificationService notificationService = null)
     {
         _httpClientFactory = httpClientFactory;
         _logger = logger;
         _notificationService = notificationService;
-        _apiBaseUrl = "http://localhost:8000";
+        _apiBaseUrl = configuration["FaceEmbeddingApi:BaseUrl"] ?? "http://localhost:8000";
     }
 
     public async Task<OperationResult> GenerateEmbeddingsAsync(long employeeId, long workshopId,
diff --git a/ServiceHost/Program.cs b/ServiceHost/Program.cs
index dffa30bc..943c6f9e 100644
--- a/ServiceHost/Program.cs
+++ b/ServiceHost/Program.cs
@@ -230,15 +230,10 @@ try
     #region CORS
     builder.Services.AddCors(options =>
     {
+        var corsOrigins = builder.Configuration.GetSection("CorsOrigins").Get<string[]>() ?? Array.Empty<string>();
         options.AddPolicy("AllowSpecificOrigins", policy =>
         {
-            policy.WithOrigins(
-                    "http://localhost:3000", "http://localhost:4000", "http://localhost:4001",
-                    "http://localhost:4002", "http://localhost:3001", "https://gozareshgir.ir",
-                    "https://dad-mehr.ir", "https://admin.dad-mehr.ir", "https://client.dad-mehr.ir",
-                    "https://admin.gozareshgir.ir", "https://client.gozareshgir.ir",
-                    "https://admin.dadmehrg.ir", "https://client.dadmehrg.ir", "http://localhost:3300"
-                )
+            policy.WithOrigins(corsOrigins)
                 .AllowAnyHeader()
                 .AllowAnyMethod()
                 .AllowCredentials();