diff --git a/.tf/main.tf b/.tf/main.tf
index 20384dd..555421b 100644
--- a/.tf/main.tf
+++ b/.tf/main.tf
@@ -188,6 +188,7 @@ resource "aws_api_gateway_method_response" "yo_api_catch_all_method_response" {
   resource_id = aws_api_gateway_resource.yo_api_catch_all.id
   http_method = aws_api_gateway_method.yo_api_catch_all_method.http_method
   status_code = "200"
+
   response_parameters = {
     "method.response.header.Access-Control-Allow-Origin" = true
   }
@@ -222,7 +223,7 @@ resource "aws_api_gateway_integration_response" "yo_api_catch_all_integration_re
   status_code = "200"
 
   response_parameters = {
-    "method.response.header.Access-Control-Allow-Origin" = "'*'" # TODO: specify a domain here instead of "*"
+    "method.response.header.Access-Control-Allow-Origin" = "integration.response.header.Access-Control-Allow-Origin"
   }
 
   response_templates = {
diff --git a/server/index.ts b/server/index.ts
index 454b628..5324e90 100644
--- a/server/index.ts
+++ b/server/index.ts
@@ -107,8 +107,19 @@ export const handler = async (
         }
 
         // Pass the event and context to the serverless app
-        const response = await serverlessApp(event, context);
-        return response;
+        const response: any = await serverlessApp(event, context);
+
+        const headers = {
+            ...response?.headers || {},
+            'Access-Control-Allow-Origin': '*', // TODO: specify a domain instead of '*'
+            'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, OPTIONS',
+            'Access-Control-Allow-Headers': 'Content-Type, Authorization',
+        };
+
+        return {
+            ...response,
+            headers,
+        };
     } catch (error) {
         console.error('Error handling the request:', error); // Log the error
         return {