diff --git a/pkg/api/api.go b/pkg/api/api.go
index 07b7534..c28ffa9 100644
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@@ -48,6 +48,9 @@ func Router() *gin.Engine {
 	// return error for invalid routes
 	r.NoRoute(HandleInvalidUrl)
 
+	// CORS middleware
+	r.Use(auth.CORSMiddleware())
+
 	unAuthorizedv1 := r.Group("/api/v1")
 	{
 		licenses := unAuthorizedv1.Group("/licenses")
diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go
index 3cdb915..e332c88 100644
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
@@ -227,3 +227,20 @@ func AuthenticationMiddleware() gin.HandlerFunc {
 		c.Next()
 	}
 }
+
+// CORSMiddleware is a middleware function for CORS.
+func CORSMiddleware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
+		c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
+		c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
+		c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT, PATCH, DELETE")
+
+		if c.Request.Method == "OPTIONS" {
+			c.AbortWithStatus(204)
+			return
+		}
+
+		c.Next()
+	}
+}