diff --git a/loaders/express.js b/loaders/express.js
index fb22255..21160c9 100644
--- a/loaders/express.js
+++ b/loaders/express.js
@@ -16,7 +16,7 @@ const loadExpress = ({ app, secret }) => {
     max: 100, //requests = a single IP for a time window
   });
 
-  app.use(cors({ exposedHeaders: "x-auth-token" }));
+  app.use(cors({ exposedHeaders: "x-auth-token", origin: true }));
   app.use(helmet());
   app.use(limiter);
   app.use(bodyParser.json({ limit: "100kb" })); // limit JSON body payload size