diff --git a/src/lib/middleware/withZipline.ts b/src/lib/middleware/withZipline.ts
index f4291a3..a277221 100644
--- a/src/lib/middleware/withZipline.ts
+++ b/src/lib/middleware/withZipline.ts
@@ -41,9 +41,19 @@ export type NextApiRes = NextApiResponse & {
   setCookie: (name: string, value: unknown, options: CookieSerializeOptions) => void;
 }
 
+// {
+//   'Access-Control-Allow-Origin': '*',
+//   'Access-Control-Allow-Methods': 'GET,HEAD,POST,OPTIONS',
+//   'Access-Control-Max-Age': '86400'
+// }
+
 export const withZipline = (handler: (req: NextApiRequest, res: NextApiResponse) => unknown) => (req: NextApiReq, res: NextApiRes) => {
   res.error = (message: string) => {
     res.setHeader('Content-Type', 'application/json');
+    res.setHeader('Access-Control-Allow-Origin', '*');
+    res.setHeader('Access-Content-Allow-Methods', 'GET,HEAD,POST,OPTIONS');
+    res.setHeader('Access-Control-Max-Age', '86400');
+    
     res.json({
       error: message,
     });
@@ -51,6 +61,10 @@ export const withZipline = (handler: (req: NextApiRequest, res: NextApiResponse)
 
   res.forbid = (message: string) => {
     res.setHeader('Content-Type', 'application/json');
+    res.setHeader('Access-Control-Allow-Origin', '*');
+    res.setHeader('Access-Content-Allow-Methods', 'GET,HEAD,POST,OPTIONS');
+    res.setHeader('Access-Control-Max-Age', '86400');
+
     res.status(403);
     res.json({
       error: '403: ' + message,
@@ -59,6 +73,10 @@ export const withZipline = (handler: (req: NextApiRequest, res: NextApiResponse)
 
   res.bad = (message: string) => {
     res.setHeader('Content-Type', 'application/json');
+    res.setHeader('Access-Control-Allow-Origin', '*');
+    res.setHeader('Access-Content-Allow-Methods', 'GET,HEAD,POST,OPTIONS');
+    res.setHeader('Access-Control-Max-Age', '86400');
+
     res.status(401);
     res.json({
       error: '403: ' + message,
@@ -67,6 +85,9 @@ export const withZipline = (handler: (req: NextApiRequest, res: NextApiResponse)
 
   res.json = (json: any) => {
     res.setHeader('Content-Type', 'application/json');
+    res.setHeader('Access-Control-Allow-Origin', '*');
+    res.setHeader('Access-Content-Allow-Methods', 'GET,HEAD,POST,OPTIONS');
+    res.setHeader('Access-Control-Max-Age', '86400');
 
     res.end(JSON.stringify(json));
   };