diff --git a/actix/Cargo.lock b/actix/Cargo.lock
index a243894..310d4d0 100644
--- a/actix/Cargo.lock
+++ b/actix/Cargo.lock
@@ -19,6 +19,21 @@ dependencies = [
 "tracing",
 ]
+[[package]]
+name = "actix-cors"
+version = "0.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f9e772b3bcafe335042b5db010ab7c09013dad6eac4915c91d8d50902769f331"
+dependencies = [
+ "actix-utils",
+ "actix-web",
+ "derive_more 0.99.18",
+ "futures-util",
+ "log",
+ "once_cell",
+ "smallvec",
+]
+
 [[package]]
 name = "actix-files"
 version = "0.6.6"
@@ -479,6 +494,7 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
 name = "chhoto-url"
 version = "5.6.1"
 dependencies = [
+ "actix-cors",
 "actix-files",
 "actix-session",
 "actix-web",
@@ -738,6 +754,7 @@ dependencies = [
 "futures-task",
 "pin-project-lite",
 "pin-utils",
+ "slab",
 ]
 [[package]]
diff --git a/actix/Cargo.toml b/actix/Cargo.toml
index 5a20756..097e4b5 100644
--- a/actix/Cargo.toml
+++ b/actix/Cargo.toml
@@ -29,6 +29,7 @@ categories = ["web-programming"]
 [dependencies]
 actix-web = "4.5.1"
 actix-files = "0.6.5"
+actix-cors = "0.7.0"
 rusqlite = { version = "0.32.0", features = ["bundled"] }
 regex = "1.10.3"
 rand = "0.8.5"
diff --git a/actix/src/main.rs b/actix/src/main.rs
index 71d66fe..997dbe8 100644
--- a/actix/src/main.rs
+++ b/actix/src/main.rs
@@ -4,6 +4,7 @@
 use actix_files::Files;
 use actix_session::{storage::CookieSessionStore, SessionMiddleware};
 use actix_web::{cookie::Key, middleware, web, App, HttpServer};
+use actix_cors::Cors;
 use rusqlite::Connection;
 use std::{env, io::Result};
@@ -40,6 +41,7 @@ async fn main() -> Result<()> {
 .ok()
 .filter(|s| !s.trim().is_empty());
+
 // If an API key is set, check the security
 if let Ok(key) = env::var("api_key") {
 if !auth::is_key_secure() {
@@ -82,9 +84,18 @@ async fn main() -> Result<()> {
 // Actually start the server
 HttpServer::new(move || {
+ // Define cors
+ let cors = Cors::default()
+ .allow_any_origin()
+ .supports_credentials()
+ .allowed_methods(vec!["GET", "POST", "DELETE"])
+ .allowed_header("X-API-Key")
+ .max_age(3600);
+
 App::new()
 .wrap(middleware::Logger::default())
 .wrap(middleware::Compress::default())
+ .wrap(cors)
 .wrap(
 SessionMiddleware::builder(CookieSessionStore::default(), secret_key.clone())
 .cookie_same_site(actix_web::cookie::SameSite::Strict)
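Review bot: `.allow_any_origin()` combined with `.supports_credentials()` in the new `Cors` builder opts every origin into credentialed cross-origin access to this server. Without `send_wildcard()`, actix-cors echoes the request's `Origin` back in `Access-Control-Allow-Origin`, and `supports_credentials()` adds `Access-Control-Allow-Credentials: true`, so the browser's same-origin read protection is effectively switched off for these routes. The `SameSite::Strict` session cookie at the end of the hunk keeps the cookie off cross-site requests, but not off requests from other origins on the same site (sibling subdomains), and the protection then rests on that single cookie attribute. If cross-origin callers are meant to authenticate with `X-API-Key` only (an inference from `allowed_header`), drop `.supports_credentials()` and replace `.allow_any_origin()` with an explicit allowlist such as `.allowed_origin("https://app.example.org")` (constructed sample value). The `HttpServer::new` closure continues past the end of the hunk.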