diff --git a/requirements.txt b/requirements.txt
index df8ab7b..d0cea89 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,7 @@
 Django==2.2.8
 boto3==1.10.45
 Pillow==6.2.1
+django-cors-headers==3.2.0
 django-redis==4.11.0
 django-registration==3.0.1
 django-storages==1.8.0
diff --git a/xmrauctions/settings.py b/xmrauctions/settings.py
index d2da09d..aede8af 100644
--- a/xmrauctions/settings.py
+++ b/xmrauctions/settings.py
@@ -40,10 +40,12 @@ INSTALLED_APPS = [
     'items.apps.ItemsConfig',
     'sales.apps.SalesConfig',
     'core.apps.CoreConfig',
-    'huey.contrib.djhuey'
+    'huey.contrib.djhuey',
+    'corsheaders'
 ]
 
 MIDDLEWARE = [
+    'corsheaders.middleware.CorsMiddleware',
     'django.middleware.security.SecurityMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',
@@ -219,3 +221,12 @@ WALLET_PASS = os.environ.get('WALLET_PASS', '')
 
 EMAIL_BACKEND = os.environ.get('EMAIL_BACKEND', 'django.core.mail.backends.console.EmailBackend')
 EMAIL_FROM = 'noreply@xmrauctions.net'
+
+
+# CORS
+
+CORS_ORIGIN_ALLOW_ALL = os.environ.get('CORS_ORIGIN_ALLOW_ALL', False)
+CORS_ORIGIN_WHITELIST = os.environ.get('CORS_ORIGIN_WHITELIST', [])
+CORS_ORIGIN_REGEX_WHITELIST = [
+    r"^https://static\.\w+\.xmrauctions\.com$",
+]