diff --git a/Controllers/AuthController.cs b/Controllers/AuthController.cs
index 967c5de..511910e 100644
--- a/Controllers/AuthController.cs
+++ b/Controllers/AuthController.cs
@@ -5,11 +5,13 @@ using QuotifyBE.Entities;
using QuotifyBE.DTOs;
using System.Threading.Tasks;
using QuotifyBE.Mapping;
+using Microsoft.AspNetCore.Cors;
namespace QuotifyBE.Controllers;
[ApiController]
+[EnableCors]
[Route("api/v1/auth")]
[Produces("application/json")]
public class AuthController : ControllerBase
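Review bot: The class-level `[EnableCors]` added on line 12 already applies CORS to every action of AuthController, so the action-level copies this same commit adds further down the file are redundant; pick one level, and if the whole controller is meant to be callable cross-origin the class attribute alone is enough. Because the attribute carries no policy name it binds to the default policy registered by `AddCors`, which deserves a one-line comment so a later named policy does not silently leave this controller on the default: `// Unnamed [EnableCors] => the default policy from AddCors in Program.cs`. Attribute-based CORS only takes effect when `app.UseCors()` is in the middleware pipeline (between routing and authorization); this diff does not show that registration, so confirm it exists.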
@@ -42,6 +44,7 @@ public class AuthController : ControllerBase
/// Returned on request with unknown pair of email and password (wrong password)
/// Returned on request with unknwon email
[HttpPost("login")]
+ [EnableCors]
[ProducesResponseType(typeof(SuccessfulLoginDTO), 200)]
[ProducesResponseType(typeof(ErrorDTO), 400)]
[ProducesResponseType(typeof(ErrorDTO), 401)]
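Review bot: The XML doc above `login` enumerates the response cases but says nothing about the cross-origin behaviour the new `[EnableCors]` on line 20 introduces, whereas the commit does call it out in QuoteController's GetQuotePage doc; keep the two controllers consistent by adding `/// <remarks>Callable cross-origin under the default CORS policy (see Program.cs).</remarks>` to this action. While touching the doc block, the context line 18 reads "unknwon email" and should be "unknown email". The action body itself lies outside this hunk.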
@@ -87,6 +90,7 @@ public class AuthController : ControllerBase
/// Returned on request with invalid JWT
[HttpGet("some_values")]
[Authorize]
+ [EnableCors]
[ProducesResponseType(200)]
[ProducesResponseType(401)]
public IActionResult GetValues()
diff --git a/Controllers/QuoteController.cs b/Controllers/QuoteController.cs
index 14d38e5..6a13c86 100644
--- a/Controllers/QuoteController.cs
+++ b/Controllers/QuoteController.cs
@@ -1,11 +1,12 @@
-using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Cors;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
using QuotifyBE.Data;
using QuotifyBE.DTOs;
using QuotifyBE.Entities;
using QuotifyBE.Mapping;
using System.Security.Claims;
-using Microsoft.EntityFrameworkCore;
namespace QuotifyBE.Controllers;
@@ -29,12 +30,17 @@ public class QuotesController : ControllerBase
///
/// Get a page of quotes
///
- /// A page of quotes consists of 10 quotes or less. If a page does not contain any quotes, 404 is returned.
+ ///
+ /// A page of quotes consists of 10 quotes or less.
+ /// If a page does not contain any quotes, 404 is returned.
+ /// Important! Has CORS set, unlike e.g. GET /api/v1/quote/{id} or GET /api/v1/quote/random.
+ ///
/// The page number
/// A page (10 quotes)
/// Returned on valid request
/// Returned when requested page is invalid
[HttpGet("page/{page_no}")]
+ [EnableCors]
[ProducesResponseType(typeof(List), 200)]
[ProducesResponseType(typeof(ErrorDTO), 404)]
public async Task GetQuotePage(int page_no)
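Review bot: The new doc sentence on line 57 ("Has CORS set, unlike e.g. GET /api/v1/quote/{id} or GET /api/v1/quote/random") documents the current state by listing sibling endpoints, which will rot the first time one of them gains or loses the attribute; what the reader actually needs is why this endpoint is cross-origin and the others are not, and whether that asymmetry is deliberate. Since AuthController enables CORS controller-wide in the same commit while QuotesController enables it per action, the mix looks accidental rather than a boundary (CORS only governs what a browser page may read, it is not access control for these unauthenticated GETs), so either move the attribute to the controller or state the reason here. Suggested replacement for line 57: `/// Allows cross-origin calls under the default CORS policy (Program.cs); sibling GET endpoints currently do not.` The method body starts after this hunk.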
@@ -102,6 +108,7 @@ public class QuotesController : ControllerBase
/// Returned when user's id does not match the creator's id
[HttpPost("new")]
[Authorize]
+ [EnableCors]
[ProducesResponseType(201)] // ? FIXME
[ProducesResponseType(typeof(ErrorDTO), 400)]
[ProducesResponseType(typeof(ErrorDTO), 403)]
diff --git a/Program.cs b/Program.cs
index 1e959cc..6258a0c 100644
--- a/Program.cs
+++ b/Program.cs
@@ -21,6 +21,22 @@ var JwtSecret = builder.Configuration["JwtSecret"]
var DomainName = builder.Configuration["DomainName"]
?? throw new InvalidOperationException("Domain name is not configured!!! Please configure DomainName in appsettings.json!");
+var CorsOrigins = builder.Configuration.GetSection("CorsOrigins").Get>()
+ ?? throw new InvalidOperationException("CORS is not configured!!! Please configure CorsOrigins in appsettings.json!");
+
+// Add default CORS policy
+builder.Services.AddCors(options =>
+{
+
+ options.AddDefaultPolicy(
+ policy =>
+ {
+ policy
+ .WithOrigins(CorsOrigins.ToArray())
+ .AllowAnyHeader(); // this might not be the greatest idea
+ });
+});
+
// Configure JWT authentication
// https://medium.com/@solomongetachew112/jwt-authentication-in-net-8-a-complete-guide-for-secure-and-scalable-applications-6281e5e8667c
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
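Review bot: The guard on line 84 only rejects a missing `CorsOrigins` section; an empty array passes, and `WithOrigins()` with no origins then allows no cross-origin caller at all, which shows up as opaque browser CORS failures instead of a startup error, so add an explicit emptiness check. The `.AllowAnyHeader()` on line 95 is not dangerous by itself (origins stay restricted and `AllowCredentials()` is not set, so cookies are never in play), but the endpoints this policy serves need only `Authorization` (JWT bearer, line 101) and `Content-Type` (JSON bodies), so naming those with `WithHeaders` and listing the verbs the CORS-enabled actions use with `WithMethods` records the intent and resolves the comment's own doubt. Origins are compared with the browser's `Origin` header literally (scheme, host and port, no trailing slash or path), which is worth a comment above the policy since the list comes straight from configuration. This hunk only registers the policy; `app.UseCors()` must also be in the pipeline for the `[EnableCors]` attributes to do anything, and that is outside the hunk.
```csharp
// … unchanged: CorsOrigins read from configuration, missing-section throw …
if (CorsOrigins.Count == 0)
{
    throw new InvalidOperationException("CorsOrigins is empty - list at least one allowed origin (scheme://host[:port], no trailing slash).");
}

// Default CORS policy. Origins must match the browser's Origin header exactly
// (scheme, host, port; no trailing slash or path). Credentials are not allowed,
// so this governs only which origins may read responses, not authentication.
builder.Services.AddCors(options =>
{
    options.AddDefaultPolicy(policy =>
    {
        policy
            .WithOrigins(CorsOrigins.ToArray())
            .WithMethods("GET", "POST") // extend if further verbs get [EnableCors]
            .WithHeaders("Authorization", "Content-Type");
    });
});
```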
diff --git a/appsettings.example.json b/appsettings.example.json
index 24444ef..000ae2f 100644
--- a/appsettings.example.json
+++ b/appsettings.example.json
@@ -1,6 +1,9 @@
{
"JwtSecret": "this is a sample jwt secret token required for quotify - it needs to have at least 256 bits (32 bytes long)",
"DomainName": "example.com",
+ "CorsOrigins": [
+ "http://localhost:5259", "http://localhost:5258", "http://example.com"
+ ],
"ConnectionStrings": {
"DefaultConnection": "Server=server-host;Database=db-name;Username=quotify-user;Password=user-secret"
},
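Review bot: The example origin `"http://example.com"` on line 111 will not match a front-end served over TLS, because a page at `https://example.com` sends `Origin: https://example.com` and the scheme is part of the exact comparison; as written, the example steers a deployment toward a plain-HTTP origin or toward a CORS failure. Change the non-local entry to `"https://example.com"` (keeping the `http://localhost:…` entries for development) so the sample reflects the production scheme. Since JSON allows no comments, the README or the startup error message is the place to state that each entry must be a bare origin with no trailing slash or path.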