diff --git a/config/application.properties b/config/application.properties
index ac103b5..2316732 100644
--- a/config/application.properties
+++ b/config/application.properties
@@ -28,3 +28,8 @@ ADYEN_SESSION_AUTHENTICATION_API_URL=https://test.adyen.com/authe/api/v1/session
 ## When undefined the default theme will be used
 ADYEN_HOSTED_ONBOARDING_THEME_ID=
 
+## URL where the AfP components will appear
+## Examples: https://www.example.com | https://*.example.com | http://localhost
+##
+ADYEN_COMPONENTS_ALLOW_ORIGIN=
+
diff --git a/src/main/java/com/adyen/config/ApplicationProperty.java b/src/main/java/com/adyen/config/ApplicationProperty.java
index 659fbb5..347c740 100644
--- a/src/main/java/com/adyen/config/ApplicationProperty.java
+++ b/src/main/java/com/adyen/config/ApplicationProperty.java
@@ -27,6 +27,9 @@ public class ApplicationProperty {
     @Value("${ADYEN_SESSION_AUTHENTICATION_API_URL:https://test.adyen.com/authe/api/v1/sessions}")
     private String sessionAuthenticationApiUrl;
 
+    @Value("${ADYEN_COMPONENTS_ALLOW_ORIGIN}")
+    private String componentsAllowOrigin;
+
     public String getApiKey() {
         return apiKey;
     }
@@ -82,4 +85,12 @@ public String getSessionAuthenticationApiUrl() {
     public void setSessionAuthenticationApiUrl(String sessionAuthenticationApiUrl) {
         this.sessionAuthenticationApiUrl = sessionAuthenticationApiUrl;
     }
+
+    public String getComponentsAllowOrigin() {
+        return componentsAllowOrigin;
+    }
+
+    public void setComponentsAllowOrigin(String componentsAllowOrigin) {
+        this.componentsAllowOrigin = componentsAllowOrigin;
+    }
 }
diff --git a/src/main/java/com/adyen/controller/DashboardController.java b/src/main/java/com/adyen/controller/DashboardController.java
index 0207b7b..98fc43a 100644
--- a/src/main/java/com/adyen/controller/DashboardController.java
+++ b/src/main/java/com/adyen/controller/DashboardController.java
@@ -118,7 +118,7 @@ ResponseEntity<SessionResponse> getTransactions() {
 
         // Perform session call to obtain a valid Session token
         SessionRequest sessionRequest = new SessionRequest()
-                .allowOrigin("http://localhost")
+                .allowOrigin(getApplicationProperty().getComponentsAllowOrigin())
                 .product("platform")
                 .policy(new SessionRequestPolicy()
                         .resources(List.of(new PolicyResource()