diff --git a/.env.production b/.env.production
index d9e6ccd..f7d4d5c 100644
--- a/.env.production
+++ b/.env.production
@@ -10,8 +10,8 @@ SECRET_KEY=CAMBIAR-CLAVE-SECRETA-MINIMO-32-CARACTERES-SUPER-SEGURA
 OPENAI_API_KEY=tu-openai-api-key-aqui
 ENVIRONMENT=production
 
-# CORS - Separar múltiples dominios con comas
-ALLOWED_ORIGINS=http://checklist-rons-0e8a3a-63dbc4-72-61-106-199.traefik.me,http://checklist-rons-0e8a3a-63dbc4-72-61-106-199.traefik.me
+# CORS - URL del FRONTEND (de donde vienen las peticiones)
+ALLOWED_ORIGINS=http://checklist-frontend-n5eten-9cb24a-72-61-106-199.traefik.me
 
-# Frontend - URL del backend en Dockploy
-VITE_API_URL=http://checklist-rons-0e8a3a-63dbc4-72-61-106-199.traefik.me
+# Frontend - Vacío para usar URL relativa con proxy de Nginx
+VITE_API_URL=
diff --git a/backend/app/core/config.py b/backend/app/core/config.py
index 3b4486c..3329590 100644
--- a/backend/app/core/config.py
+++ b/backend/app/core/config.py
@@ -16,12 +16,21 @@ class Settings(BaseSettings):
     # Environment
     ENVIRONMENT: str = "development"
     
+    # CORS - Orígenes permitidos separados por coma
+    ALLOWED_ORIGINS: str = "http://localhost:3000,http://localhost:5173"
+    
     # Uploads
     UPLOAD_DIR: str = "uploads"
     MAX_FILE_SIZE: int = 10 * 1024 * 1024  # 10MB
     
+    @property
+    def cors_origins(self) -> list:
+        """Convierte el string de origins separado por comas en una lista"""
+        return [origin.strip() for origin in self.ALLOWED_ORIGINS.split(",") if origin.strip()]
+    
     class Config:
         env_file = ".env"
         case_sensitive = True
+        extra = "ignore"  # Permite variables extras sin error
 
 settings = Settings()
diff --git a/backend/app/main.py b/backend/app/main.py
index 429271f..a665f2b 100644
--- a/backend/app/main.py
+++ b/backend/app/main.py
@@ -9,6 +9,7 @@ from datetime import datetime, timedelta
 
 from app.core.database import engine, get_db, Base
 from app.core.security import verify_password, get_password_hash, create_access_token, decode_access_token
+from app.core.config import settings
 from app import models, schemas
 
 # Crear tablas
@@ -16,16 +17,18 @@ Base.metadata.create_all(bind=engine)
 
 app = FastAPI(title="Checklist Inteligente API", version="1.0.0")
 
-# CORS - Configuración dinámica para desarrollo y producción
-allowed_origins = os.getenv("ALLOWED_ORIGINS", "http://localhost:5173,http://localhost:3000").split(",")
+# CORS - Usar configuración de settings
 app.add_middleware(
     CORSMiddleware,
-    allow_origins=allowed_origins,
+    allow_origins=settings.cors_origins,
     allow_credentials=True,
     allow_methods=["*"],
     allow_headers=["*"],
 )
 
+# Log para debug
+print(f"🌐 CORS configured for origins: {settings.cors_origins}")
+
 security = HTTPBearer()
 
 # Dependency para obtener usuario actual