diff --git a/delivery/controller/backbone_controller.go b/delivery/controller/backbone_controller.go
index b6c90ac..f0b7344 100644
--- a/delivery/controller/backbone_controller.go
+++ b/delivery/controller/backbone_controller.go
@@ -20,6 +20,7 @@ func (bc *BackboneController) Route() {
 	rg := bc.rg.Group("/backbone")
 	
 	rg.Use(middleware.AuthMiddleware())
+	rg.Use(middleware.CORSMiddleware())
 	rg.Use(middleware.RateLimitMiddleware())
 	{
 		rg.GET("", bc.GetBackbone())
diff --git a/delivery/controller/devicePort_controller.go b/delivery/controller/devicePort_controller.go
index aa4f8e1..568c707 100644
--- a/delivery/controller/devicePort_controller.go
+++ b/delivery/controller/devicePort_controller.go
@@ -20,6 +20,7 @@ func (dc *DevicePortController) Route() {
 	rg := dc.rg.Group("/device-port")
 	rg.Use(middleware.AuthMiddleware())
 	rg.Use(middleware.RateLimitMiddleware())
+	rg.Use(middleware.CORSMiddleware())
 	{
 		rg.GET("", dc.GetDevicePort())
 		rg.POST("", dc.CreateDevicePort())
diff --git a/delivery/controller/devices_controller.go b/delivery/controller/devices_controller.go
index 93b75fb..20f3f59 100644
--- a/delivery/controller/devices_controller.go
+++ b/delivery/controller/devices_controller.go
@@ -20,6 +20,7 @@ func (dc *DeviceController) Route() {
 	rg := dc.rg.Group("/devices")
 	rg.Use(middleware.AuthMiddleware())
 	rg.Use(middleware.RateLimitMiddleware())
+	rg.Use(middleware.CORSMiddleware())
 	{
 		rg.POST("", dc.CreateDevice())
 		rg.GET("", dc.GetAllDevices())
diff --git a/delivery/controller/fishbone_controller.go b/delivery/controller/fishbone_controller.go
index 863be49..1bc0b44 100644
--- a/delivery/controller/fishbone_controller.go
+++ b/delivery/controller/fishbone_controller.go
@@ -20,6 +20,7 @@ func (fc *FishboneController) Route() {
 	rg := fc.rg.Group("/fishbone")
 	rg.Use(middleware.AuthMiddleware())
 	rg.Use(middleware.RateLimitMiddleware())
+	rg.Use(middleware.CORSMiddleware())
 	{
 		rg.GET("", fc.GetFishbone())
 		rg.POST("", fc.CreateFishbone())
diff --git a/delivery/controller/tower_controller.go b/delivery/controller/tower_controller.go
index f86dffe..c8b6332 100644
--- a/delivery/controller/tower_controller.go
+++ b/delivery/controller/tower_controller.go
@@ -20,6 +20,7 @@ func (tc *TowerController) Route() {
 	rg := tc.rg.Group("/tower")
 	rg.Use(middleware.AuthMiddleware())
 	rg.Use(middleware.RateLimitMiddleware())
+	rg.Use(middleware.CORSMiddleware())
 	{
 		rg.GET("", tc.GetTower())
 		rg.POST("", tc.CreateTower())
diff --git a/delivery/controller/users_controller.go b/delivery/controller/users_controller.go
index 94d413c..83e0d54 100644
--- a/delivery/controller/users_controller.go
+++ b/delivery/controller/users_controller.go
@@ -19,6 +19,7 @@ type UsersController struct {
 func (uc *UsersController) Route() {
 	rg:= uc.rg.Group("/users")
 	rg.Use(middleware.RateLoginMiddleware())
+	rg.Use(middleware.CORSMiddleware())
 	{
 		rg.POST("/login", uc.Login())
 	}
diff --git a/middleware/cors_middleware.go b/middleware/cors_middleware.go
new file mode 100644
index 0000000..f06774a
--- /dev/null
+++ b/middleware/cors_middleware.go
@@ -0,0 +1,21 @@
+package middleware
+
+import (
+    "github.com/gin-gonic/gin"
+)
+
+func CORSMiddleware() gin.HandlerFunc {
+    return func(c *gin.Context) {
+        c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
+        c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
+        c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
+        c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT, DELETE")
+
+        if c.Request.Method == "OPTIONS" {
+            c.AbortWithStatus(204)
+            return
+        }
+
+        c.Next()
+    }
+}
\ No newline at end of file