diff --git a/internal/server/corsmiddleware.go b/internal/server/corsmiddleware.go
new file mode 100644
index 0000000..2815275
--- /dev/null
+++ b/internal/server/corsmiddleware.go
@@ -0,0 +1,16 @@
+package server
+
+import "net/http"
+
+func corsMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Access-Control-Allow-Origin", "*")
+		w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
+		w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
+		if r.Method == "OPTIONS" {
+			w.WriteHeader(http.StatusOK)
+			return
+		}
+		next.ServeHTTP(w, r)
+	})
+}
diff --git a/internal/server/http.go b/internal/server/http.go
index cf11d37..a03b813 100644
--- a/internal/server/http.go
+++ b/internal/server/http.go
@@ -10,7 +10,10 @@ import (
 	"tomatentum.net/svg-templater/pkg/svg"
 )
 
+var mux http.ServeMux
+
 func PrepareHTTP() {
+	mux = *http.NewServeMux()
 	registerAuthorizedFunc("/", func(w http.ResponseWriter, r *http.Request) {
 		fmt.Fprintln(w, "You are authorized!")
 	})
@@ -51,13 +54,14 @@ func PrepareHTTP() {
 
 func Start() {
 	log.Println("Starting http server on :3000")
-	if err := http.ListenAndServe(":3000", nil); err != nil {
+	handler := corsMiddleware(&mux)
+	if err := http.ListenAndServe(":3000", handler); err != nil {
 		panic(err)
 	}
 }
 
 func registerAuthorized(path string, handler http.Handler) {
-	http.HandleFunc(path, auth.AuthMiddleware(handler))
+	mux.HandleFunc(path, auth.AuthMiddleware(handler))
 	log.Println("Registered authorized handler for", path)
 }