diff --git a/package.json b/package.json
index 860ef6d2e..0a2677e83 100644
--- a/package.json
+++ b/package.json
@@ -10,7 +10,8 @@
 "rimraf": "^3.0.2",
 "sharp": "^0.31.3",
 "csrf-csrf": "^2.2.3",
- "cookie-parser": "^1.4.6"
+ "cookie-parser": "^1.4.6",
+ "cors": "^2.8.5"
 },
 "name": "TavernAI",
 "version": "1.2.7",
diff --git a/server.js b/server.js
index 767126466..03bd72941 100644
--- a/server.js
+++ b/server.js
@@ -17,9 +17,8 @@ sharp.cache(false);
 const path = require('path');
 const cookieParser = require('cookie-parser');
-
 const crypto = require('crypto');
-const doubleCsrf = require('csrf-csrf').doubleCsrf;
+
 const config = require('./config.json');
 const server_port = config.port;
@@ -54,6 +53,9 @@ var is_colab = false;
 const jsonParser = express.json({limit: '100mb'});
 const urlencodedParser = express.urlencoded({extended: true, limit: '100mb'});
+// CSRF Protection //
+const doubleCsrf = require('csrf-csrf').doubleCsrf;
+
 const CSRF_SECRET = crypto.randomBytes(8).toString('hex');
 const COOKIES_SECRET = crypto.randomBytes(8).toString('hex');
@@ -77,6 +79,15 @@ app.get("/csrf-token", (req, res) => {
 app.use(cookieParser(COOKIES_SECRET));
 app.use(doubleCsrfProtection);
+// CORS Settings //
+const cors = require('cors');
+const CORS = cors({
+ origin: 'null',
+ methods: ['OPTIONS']
+})
+
+app.use(CORS);
+
 app.use(function (req, res, next) { //Security
 const clientIp = req.connection.remoteAddress.split(':').pop();
 if (whitelistMode === true && !whitelist.includes(clientIp)) {
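Review bot: `const doubleCsrf = require('csrf-csrf').doubleCsrf;` now sits between the body-parser setup and the secret generation instead of in the require block at the top of server.js where `path`, `cookie-parser` and `crypto` are loaded; the hunk at -17 removes it from there, and the hunk at -77 introduces `require('cors')` mid-file in the same way. A section banner such as `// CSRF Protection //` above the setup is useful, but the require itself is better left with the other requires so the file's dependencies stay visible in one place. Behaviour is unaffected, since CommonJS require is synchronous, so this is purely a layout point.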
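Review bot: `origin: 'null'` in the new cors() options does not refuse cross-origin access; the cors package emits a string origin verbatim, so routes registered after this middleware will answer with `Access-Control-Allow-Origin: null`, which browsers match against the literal `null` Origin sent by opaque-origin documents (sandboxed iframes, file:// pages, data: URLs). If the intent is to disable CORS, `origin: false` makes the middleware set no CORS headers at all, and `methods: ['OPTIONS']` then becomes unnecessary. app.use(CORS) is also registered ahead of the `//Security` whitelist middleware below it, so by default the middleware's preflight handling answers OPTIONS requests before the client-IP check runs; registering it after that middleware keeps the whitelist in front of every response. Minor: the `})` closing the cors() call lacks the semicolon the neighbouring statements use.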