diff --git a/.env.example b/.env.example
index 698664938e..a1ce224a65 100644
--- a/.env.example
+++ b/.env.example
@@ -41,6 +41,12 @@ JWT_TOKEN=
 # [optional] Default: 127.0.0.1 (use 0.0.0.0 for Docker / cloud).
 # Leave unset to keep the default; the Docker image sets 0.0.0.0 automatically.
 # OPENHUMAN_CORE_HOST=
+# [optional] Extra CORS origins (comma-separated) allowed to reach the
+# JSON-RPC server. The Tauri webview and loopback hosts are always allowed.
+# For Docker / cloud deployments where the server binds to 0.0.0.0, add the
+# canonical frontend origin(s) here to prevent cross-origin abuse from
+# arbitrary sites (e.g. OPENHUMAN_CORE_ALLOWED_ORIGINS=https://app.example.com).
+# OPENHUMAN_CORE_ALLOWED_ORIGINS=
 # [optional] Default: 7788
 OPENHUMAN_CORE_PORT=7788
 # [optional] Default: http://127.0.0.1:7788/rpc
diff --git a/src/core/jsonrpc.rs b/src/core/jsonrpc.rs
index a80e6a2d29..e23206ffbe 100644
--- a/src/core/jsonrpc.rs
+++ b/src/core/jsonrpc.rs
@@ -831,6 +831,10 @@ async fn cors_middleware(req: Request, next: Next) -> Response {
 /// distinct. Disallowed origins receive no `Access-Control-Allow-Origin`
 /// header at all — the browser will then refuse to surface the response to
 /// the calling JS. Non-browser callers (no `Origin` header) are unaffected.
+///
+/// For Docker / cloud deployments where the server binds to `0.0.0.0`,
+/// extend the allowlist via the `OPENHUMAN_CORE_ALLOWED_ORIGINS` env var
+/// (comma-separated) rather than wildcarding `Access-Control-Allow-Origin`.
 pub(super) fn with_cors_headers(mut response: Response, origin: Option<&str>) -> Response {
 let headers = response.headers_mut();
 headers.append(header::VARY, HeaderValue::from_static("Origin"));
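Review bot: The added comment "to prevent cross-origin abuse from arbitrary sites" overstates what a CORS allowlist delivers: an origin allowlist only decides whether a browser exposes the response to page JS, and a simple cross-origin POST (no preflight, e.g. a `text/plain` body) still reaches the JSON-RPC handler unless something else rejects it. I would reword the added lines to `# canonical frontend origin(s) here so browsers only expose responses to your` / `# own frontend. This is not access control — keep JWT_TOKEN (above) set when` / `# the server is reachable from other hosts.` (JWT_TOKEN is visible in the hunk context; that it gates requests is an assumption to confirm). It would also help operators to state the expected entry format here — exact origins such as `https://app.example.com:8443`, scheme and port included, no path or trailing slash, no `*` — since the parser that consumes this variable is not in this diff and malformed entries would silently never match.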
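Review bot: The new rustdoc paragraph points operators at `OPENHUMAN_CORE_ALLOWED_ORIGINS` but is silent on the one caveat that matters for a server bound to `0.0.0.0`: as the existing doc text above it says, a disallowed origin merely gets no `Access-Control-Allow-Origin` header, so the request has already been executed by the time the browser hides the response. I would add, after the new paragraph, `/// Note: this only affects what the browser exposes to page JS. A simple` / `/// cross-origin request still reaches the handler, so treat authentication,` / `/// not this header, as the access-control boundary.` The paragraph should also record how entries are matched (exact scheme+host+port string compare after trimming, no wildcard), since nothing in this hunk shows the parsing and the file's `// TODO confirm` would be better than an implied contract. `with_cors_headers` continues past the end of the hunk, so whether a `Vary: Origin` plus echo-back of the allowed origin is also paired with `Access-Control-Allow-Credentials` is not visible here and would change the risk of an over-broad entry.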