diff --git a/.env.example b/.env.example
index 8ecbc62..304a913 100644
--- a/.env.example
+++ b/.env.example
@@ -24,3 +24,5 @@ SMTP_FROM=<the address to send from>
 SMTP_AUTH_USERNAME=<smtp-user>
 SMTP_AUTH_PASSWORD=<smtp pass>
 EMAIL_TO=<mail to send to>
+
+CORS_ORIGIN=<the url of origin for cors>
diff --git a/docker/api-base/compose.yml b/docker/api-base/compose.yml
index 76b987e..fa6d469 100644
--- a/docker/api-base/compose.yml
+++ b/docker/api-base/compose.yml
@@ -15,6 +15,7 @@ services:
       - API_TARGET=user
       - LOG_FILE_PATH=/var/log/log.log
       - JWT_SECRET=${JWT_SECRET}
+      - CORS_ORIGIN=${CORS_ORIGIN}
     restart: unless-stopped
   auth-api:
     container_name: transcendence-api-auth
@@ -35,6 +36,7 @@ services:
       - API_TARGET=auth
       - LOG_FILE_PATH=/var/log/log.log
       - JWT_SECRET=${JWT_SECRET}
+      - CORS_ORIGIN=${CORS_ORIGIN}
     restart: unless-stopped
   scorestore-api:
     container_name: transcendence-api-scoreStore
diff --git a/src/api/auth/default.js b/src/api/auth/default.js
index 0650fa1..63b9888 100644
--- a/src/api/auth/default.js
+++ b/src/api/auth/default.js
@@ -24,7 +24,7 @@ authDB.prepareDB();
 export default async function(fastify, options) {
 
 	fastify.register(cors, {
-		origin: "http://localhost:5173",
+		origin: process.ENV.CORS_ORIGIN || 'http://localhost:5173',
 		credentials: true,
 		methods: [ "GET", "POST", "DELETE", "OPTIONS" ]
 	});
diff --git a/src/api/user/default.js b/src/api/user/default.js
index a5efe65..1c63b59 100644
--- a/src/api/user/default.js
+++ b/src/api/user/default.js
@@ -1,5 +1,6 @@
 import fastifyJWT from '@fastify/jwt';
 import fastifyCookie from '@fastify/cookie';
+import cors from '@fastify/cors'
 import Database from 'better-sqlite3';
 
 var env = process.env.NODE_ENV || 'development';
@@ -56,6 +57,13 @@ const deleteFriends = database.prepare('DELETE FROM friends WHERE username = ?;'
  * @param {import('fastify').FastifyPluginOptions}	options
  */
 export default async function(fastify, options) {
+
+	fastify.register(cors, {
+		origin: process.ENV.CORS_ORIGIN || 'http://localhost:5173',
+		credentials: true,
+		methods: [ "GET", "POST", "DELETE", "OPTIONS" ]
+	});
+
 	fastify.register(fastifyJWT, {
 		secret: process.env.JWT_SECRET || '123456789101112131415161718192021',
 		cookie: {