diff --git a/public/index.php b/public/index.php
index eb91c15..9f22a34 100644
--- a/public/index.php
+++ b/public/index.php
@@ -1,16 +1,18 @@
 <?php
 
 use Zend\Diactoros\ServerRequestFactory;
 use Zend\HttpHandlerRunner\Emitter\SapiEmitter;
 
 
 // in case something goes wrong (should get changed when sending a response)
 http_response_code(500);
 require __DIR__ . DIRECTORY_SEPARATOR .  '..' . DIRECTORY_SEPARATOR . 'vendor' . DIRECTORY_SEPARATOR . 'autoload.php';
 //require __DIR__ . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'config' . DIRECTORY_SEPARATOR . 'config.php';
 
 $request = ServerRequestFactory::fromGlobals();
 
+header("Access-Control-Allow-Origin: *");
+
 $response = (new Wikicaptcha\Backend\Controller())->handle($request);
 
 (new SapiEmitter())->emit($response);
\ No newline at end of file
diff --git a/src/Cors.php b/src/Cors.php
new file mode 100644
index 0000000..03c98d9
--- /dev/null
+++ b/src/Cors.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace Wikicaptcha\Backend;
+
+
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+use Zend\Diactoros\Response\EmptyResponse;
+
+class Cors implements RequestHandlerInterface {
+
+	public function handle(ServerRequestInterface $request): ResponseInterface {
+		return new EmptyResponse(204, [
+			'Access-Control-Allow-Origin' => '*',
+			'Access-Control-Allow-Headers' => '*',
+			'Access-Control-Allow-Methods' => '*',
+			'Access-Control-Max-Age' => 86400,
+		]);
+	}
+}
diff --git a/src/Router.php b/src/Router.php
index e2e2feb..d9b77e1 100644
--- a/src/Router.php
+++ b/src/Router.php
@@ -1,38 +1,39 @@
 <?php
 
 namespace Wikicaptcha\Backend;
 
 
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Server\MiddlewareInterface;
 use Psr\Http\Server\RequestHandlerInterface;
 use Zend\Diactoros\Response\JsonResponse;
 
 class Router implements MiddlewareInterface {
 	public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface {
 		$dispatcher = \FastRoute\simpleDispatcher(
 			function(\FastRoute\RouteCollector $r) {
 				$r->get('/', Index::class);
 				$r->get('/test', Test::class);
 				$r->post('/questions', Questions::class);
 				$r->put('/answers', Answers::class);
+				$r->addRoute(['OPTIONS'], '/{any}', Cors::class);
 			});
 
 		$route = $dispatcher->dispatch($request->getMethod(), $request->getUri()->getPath());
 
 
 		switch($route[0]) {
 			case \FastRoute\Dispatcher::FOUND:
 				/** @var MiddlewareInterface $method */
 				$method = $route[1];
 				$request = $request->withAttribute('Method', $method);
 				return $handler->handle($request);
 			default:
 			case \FastRoute\Dispatcher::NOT_FOUND:
 				return new JsonResponse(['error' => 'Not found'], 404);
 			case \FastRoute\Dispatcher::METHOD_NOT_ALLOWED:
 				return new JsonResponse(['error' => 'Method not allowed'], 405, ['Allow' => implode(', ', $route[1])]);
 		}
 	}
 }