diff --git a/README.md b/README.md
index ef8b5c0..3264fc4 100644
--- a/README.md
+++ b/README.md
@@ -15,17 +15,20 @@ Example config:
     {
         "database": "sqlite:///file.db", // SQLAlchemy database URI
         // see https://docs.sqlalchemy.org/en/13/core/engines.html#database-urls
-        "allow_signup": false // whether to allow /api/signup or not
-        "loglevel": 0 // 0: errors, 1: warnings, 2: info
+        "allow_signup": false, // whether to allow /api/signup or not
+        "loglevel": 0, // 0: errors, 1: warnings, 2: info
+        "domain": "https://your.domain.tld" // full domain with HTTPS
+        // needed for CORS
     }
 
 If there are environment variables `AMBER_DATABASE` / `AMBER_ALLOW_SIGNUP` /
-`AMBER_LOGLEVEL` set, the program will respect them and use over the values
-provided with the config file.
+`AMBER_LOGLEVEL`, `AMBER_DOMAIN` set, the program will respect them and use
+over the values provided with the config file.
 
 #### Dependencies
 
-This app directly depends on `flask`, `flask-sqlalchemy`, and `bcrypt`.
+This app directly depends on `flask`, `flask-sqlalchemy`, `flask-cors`, and
+`bcrypt`.
 
 #### Licenses
 
diff --git a/project_amber/app.py b/project_amber/app.py
index caded1c..c37db6a 100644
--- a/project_amber/app.py
+++ b/project_amber/app.py
@@ -1,6 +1,7 @@
 from json import dumps
 
 from flask import Flask, request
+from flask_cors import CORS
 
 from project_amber.config import config
 from project_amber.db import db
@@ -16,6 +17,7 @@
 app = Flask(__name__)
 app.config["SQLALCHEMY_DATABASE_URI"] = config["database"]
 db.init_app(app)
+CORS(app, resources={r"/*": {"origins": config["domain"]}})
 
 @app.before_request
 def middleware():
diff --git a/project_amber/config.py b/project_amber/config.py
index cbd9e67..80f68aa 100644
--- a/project_amber/config.py
+++ b/project_amber/config.py
@@ -9,7 +9,8 @@
 config = {
     "database": "",
     "loglevel": 0,
-    "allow_signup": False
+    "allow_signup": False,
+    "domain": "*"
 }
 
 # search for every file name and load the config from the first file
@@ -55,7 +56,8 @@ def string_to_bool(val: str) -> bool:
     ("AMBER_DATABASE", "database", lambda val: val), # str -> str
     # pylint: disable=unnecessary-lambda
     ("AMBER_LOGLEVEL", "loglevel", lambda val: int(val)), # str -> int
-    ("AMBER_ALLOW_SIGNUP", "allow_signup", string_to_bool) # str -> bool
+    ("AMBER_ALLOW_SIGNUP", "allow_signup", string_to_bool), # str -> bool
+    ("AMBER_DOMAIN", "domain", lambda val: val) # str -> str
 ):
     env_value = os.getenv(mapping[0])
     if not env_value is None:
diff --git a/requirements.txt b/requirements.txt
index e9754cc..c8ef1d2 100644
Binary files a/requirements.txt and b/requirements.txt differ
diff --git a/setup.py b/setup.py
index b62ba82..b61256f 100644
--- a/setup.py
+++ b/setup.py
@@ -24,6 +24,7 @@
     packages=["project_amber"],
     install_requires=[
         "flask",
+        "flask-cors",
         "flask-sqlalchemy",
         "bcrypt"
     ],