diff --git a/blogo/go.mod b/blogo/go.mod
index 5164f9c..3a1d045 100644
--- a/blogo/go.mod
+++ b/blogo/go.mod
@@ -8,6 +8,7 @@ require (
 	github.com/fsnotify/fsnotify v1.6.0
 	github.com/go-chi/chi v1.5.4
 	github.com/go-chi/chi/v5 v5.0.10
+	github.com/go-chi/cors v1.2.1
 	github.com/gorilla/feeds v1.1.1
 	github.com/joho/godotenv v1.5.1
 	github.com/nbd-wtf/go-nostr v0.19.5
diff --git a/blogo/go.sum b/blogo/go.sum
index c77c616..5fc9643 100644
--- a/blogo/go.sum
+++ b/blogo/go.sum
@@ -56,6 +56,8 @@ github.com/go-chi/chi v1.5.4 h1:QHdzF2szwjqVV4wmByUnTcsbIg7UGaQ0tPF2t5GcAIs=
 github.com/go-chi/chi v1.5.4/go.mod h1:uaf8YgoFazUOkPBG7fxPftUylNumIev9awIWOENIuEg=
 github.com/go-chi/chi/v5 v5.0.10 h1:rLz5avzKpjqxrYwXNfmjkrYYXOyLJd37pz53UFHC6vk=
 github.com/go-chi/chi/v5 v5.0.10/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
+github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4=
+github.com/go-chi/cors v1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
 github.com/go-sql-driver/mysql v1.7.0 h1:ueSltNNllEqE3qcWBTD0iQd3IpL/6U+mJxLkazJ7YPc=
 github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
 github.com/gobwas/httphead v0.1.0 h1:exrUm0f4YX0L7EBwZHuCF4GDp8aJfVeBrlLQrs6NqWU=
diff --git a/blogo/routes.go b/blogo/routes.go
index 24394d7..1fc604a 100644
--- a/blogo/routes.go
+++ b/blogo/routes.go
@@ -14,6 +14,7 @@ import (
 	"github.com/dustin/go-humanize"
 	"github.com/go-chi/chi/middleware"
 	"github.com/go-chi/chi/v5"
+	"github.com/go-chi/cors"
 	"github.com/rs/zerolog/log"
 	"gorm.io/datatypes"
 )
@@ -38,6 +39,18 @@ func InitRoutes() *chi.Mux {
 		})
 	}
 
+	// Setup CORS
+	r.Use(cors.Handler(cors.Options{
+		// AllowedOrigins:   []string{"https://foo.com"}, // Use this to allow specific origin hosts
+		AllowedOrigins: []string{"https://*", "http://*"},
+		// AllowOriginFunc:  func(r *http.Request, origin string) bool { return true },
+		AllowedMethods:   []string{"GET"},
+		AllowedHeaders:   []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"},
+		ExposedHeaders:   []string{"Link"},
+		AllowCredentials: false,
+		MaxAge:           300, // Maximum value not ignored by any of major browsers
+	}))
+
 	fileServer := http.FileServer(http.Dir(fmt.Sprintf("%v/static", os.Getenv("CONTENT_PATH"))))
 	r.Handle("/static/*", http.StripPrefix("/static/", fileServer))