diff --git a/src/chat/gateways/chat.gateway.ts b/src/chat/gateways/chat.gateway.ts
index 72080e3..7c33e8e 100644
--- a/src/chat/gateways/chat.gateway.ts
+++ b/src/chat/gateways/chat.gateway.ts
@@ -29,8 +29,13 @@ interface AuthenticatedSocket extends Socket {
   path: '/socket.io',
   transports: ['websocket'],
   cors: {
-    origin: ['https://whatlunch.vercel.app'],
+    origin: [
+      'https://whatlunch.vercel.app',
+      'http://localhost:3000',
+      /https:\/\/whatlunch-.*\.vercel\.app$/,
+    ],
     credentials: true,
+    allowedHeaders: ['Content-Type', 'Authorization', 'Cookie'],
   },
 })
 export class ChatGateway implements OnGatewayConnection, OnGatewayDisconnect {
@@ -64,6 +69,18 @@ export class ChatGateway implements OnGatewayConnection, OnGatewayDisconnect {
         .find((c) => c.startsWith('accessToken='))
         ?.split('=')[1];
 
+      if (!accessToken && typeof client.handshake.auth?.token === 'string') {
+        accessToken = client.handshake.auth.token;
+        if (accessToken) {
+          try {
+            accessToken = decodeURIComponent(accessToken);
+          } catch (error) {
+            console.error('[Gateway] 토큰 디코딩 오류:', error);
+            accessToken = undefined;
+          }
+        }
+      }
+
       if (accessToken) {
         try {
           accessToken = decodeURIComponent(accessToken);
diff --git a/src/main.ts b/src/main.ts
index a4a5efe..a05dc27 100644
--- a/src/main.ts
+++ b/src/main.ts
@@ -19,7 +19,11 @@ async function bootstrap() {
 
   app.enableCors({
     origin: (origin, callback) => {
-      const allowedOrigins = ['http://localhost:3000', 'https://whatlunch.vercel.app'];
+      const allowedOrigins = [
+        'http://localhost:3000',
+        'https://whatlunch.vercel.app',
+        /https:\/\/whatlunch-.*\.vercel\.app$/,
+      ];
 
       if (
         !origin ||