diff --git a/server/app/__init__.py b/server/app/__init__.py
index 7b5a8add00813f9d44c3ae1db7f21d9910e63fd6..276e4552d4c7f07d205920e35f9c6a9b50195f99 100644
--- a/server/app/__init__.py
+++ b/server/app/__init__.py
@@ -1,4 +1,5 @@
 from flask import Flask, redirect, request
+from flask_cors import CORS
 
 import app.core.models as models
 from app.core import bcrypt, db, jwt
@@ -8,7 +9,6 @@ def create_app(config_name="configmodule.DevelopmentConfig"):
     app = Flask(__name__)
     app.config.from_object(config_name)
     app.url_map.strict_slashes = False
-
     with app.app_context():
 
         bcrypt.init_app(app)
@@ -25,6 +25,12 @@ def create_app(config_name="configmodule.DevelopmentConfig"):
             if rp != "/" and rp.endswith("/"):
                 return redirect(rp[:-1])
 
+        @app.after_request
+        def set_core(response):
+            header = response.headers
+            header["Access-Control-Allow-Origin"] = "*"
+            return response
+
         return app
 
 
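Review bot: The `set_core` hook added to `create_app` writes `Access-Control-Allow-Origin: *` on every response, auth endpoints included, so any web origin can read this API's responses from a visitor's browser; an allowlist of the known front-end origins taken from config is the safer default. `flask_cors.CORS` is imported at the top of this file but is not applied in the visible hunks. Something like `CORS(app, origins=app.config["CORS_ORIGINS"])` (a config key you would add) could replace the hand-written hook and would also answer preflight requests. The hook sets no `Access-Control-Allow-Headers`, so a cross-origin request carrying an `Authorization` header would presumably fail preflight unless that is handled elsewhere. The name looks like a typo for `set_cors`, and `create_app` begins outside this hunk.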
diff --git a/server/app/apis/auth.py b/server/app/apis/auth.py
index 06706127ccf9694d28ce71d880042a6f78782df7..a425f904b5e41a71a8bc6356b3a3f0701720fc1f 100644
--- a/server/app/apis/auth.py
+++ b/server/app/apis/auth.py
@@ -11,7 +11,7 @@ from flask_jwt_extended import (
     jwt_refresh_token_required,
     jwt_required,
 )
-from flask_restx import Namespace, Resource
+from flask_restx import Namespace, Resource, cors
 
 api = Namespace("auth")
 
@@ -23,6 +23,7 @@ def get_user_claims(item_user):
 @api.route("/signup")
 class AuthSignup(Resource):
     @jwt_required
+    @cors.crossdomain(origin="*")
     def post(self):
         args = create_user_parser.parse_args(strict=True)
         email = args.get("email")
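Review bot: `@cors.crossdomain(origin="*")` is placed below `@jwt_required` on `AuthSignup.post`, so a request rejected by the JWT check never reaches the CORS wrapper; the same ordering recurs on `AuthDelete.delete`, `AuthLogout.post` and `AuthRefresh.post` in the later hunks. The decorator is attached to the verb method only, so it presumably does not cover the browser's `OPTIONS` preflight for these routes. It also duplicates the wildcard header that the new `after_request` hook in `server/app/__init__.py` already adds to every response. I would drop the per-method decorators (and the `cors` import) and configure CORS once at app level with an explicit origin allowlist, which matters most for `/login` and the refresh endpoint. The method bodies continue outside the hunks.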
@@ -44,6 +45,7 @@ class AuthSignup(Resource):
 @api.param("ID")
 class AuthDelete(Resource):
     @jwt_required
+    @cors.crossdomain(origin="*")
     def delete(self, ID):
         item_user = User.query.filter(User.id == ID).first()
         dbc.delete(item_user)
@@ -55,6 +57,7 @@ class AuthDelete(Resource):
 
 @api.route("/login")
 class AuthLogin(Resource):
+    @cors.crossdomain(origin="*")
     def post(self):
         args = login_parser.parse_args(strict=True)
         email = args.get("email")
@@ -74,6 +77,7 @@ class AuthLogin(Resource):
 @api.route("/logout")
 class AuthLogout(Resource):
     @jwt_required
+    @cors.crossdomain(origin="*")
     def post(self):
         jti = get_raw_jwt()["jti"]
         dbc.add.blacklist(jti)
@@ -84,6 +88,7 @@ class AuthLogout(Resource):
 class AuthRefresh(Resource):
     @jwt_required
     @jwt_refresh_token_required
+    @cors.crossdomain(origin="*")
     def post(self):
         old_jti = get_raw_jwt()["jti"]