diff --git a/api/sse.go b/api/sse.go
index 96372cd..dbb2d20 100644
--- a/api/sse.go
+++ b/api/sse.go
@@ -30,6 +30,14 @@ func SSE(c echo.Context) error {
 c.Response().Header().Set(echo.HeaderConnection, "keep-alive")
 c.Response().Header().Set(echo.HeaderCacheControl, "no-cache")
+ // Get origin from request
+ origin := c.Request().Header.Get(echo.HeaderOrigin)
+ // Only allow specific origins
+ if origin == "https://atri.dad" || origin == "http://localhost:3000" {
+ c.Response().Header().Set(echo.HeaderAccessControlAllowOrigin, origin)
+ c.Response().Header().Set(echo.HeaderAccessControlAllowCredentials, "true")
+ }
+
 // Create a channel to receive messages from the lib.SSEServer
 clientChan := make(chan string)
diff --git a/main.go b/main.go
index 69174ad..a4c55a3 100755
--- a/main.go
+++ b/main.go
@@ -43,6 +43,16 @@ func main() {
 }))
 e.Use(middleware.RateLimiter(middleware.NewRateLimiterMemoryStore(50)))
+ // Add CORS middleware
+ e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
+ AllowOrigins: []string{"https://atri.dad", "http://localhost:3000"},
+ AllowMethods: []string{http.MethodGet, http.MethodPost, http.MethodPut, http.MethodDelete},
+ AllowHeaders: []string{echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept},
+ ExposeHeaders: []string{echo.HeaderContentType},
+ AllowCredentials: true,
+ MaxAge: 86400,
+ }))
+
 // Static server
 fs := http.FS(PublicFS)
 e.GET("/public/*", echo.WrapHandler(http.FileServer(fs)))
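Review bot: The origin check added to SSE trusts `http://localhost:3000` for credentialed requests in every build, and the same hard-coded pair is repeated in the `AllowOrigins` list of the main.go hunk. With `Access-Control-Allow-Credentials: true`, any page served from that plaintext local origin on a user's machine can read credentialed responses from this API, so the development origin should only be accepted when a development setting is enabled. Defining the allowlist once and reading it in both places would also keep the two copies from drifting apart. Because the response now depends on the request's Origin, the handler should also add `c.Response().Header().Add(echo.HeaderVary, echo.HeaderOrigin)`. SSE's body starts and ends outside the hunk.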
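Review bot: The CORS middleware in main.go is registered after `middleware.RateLimiter`, so a request the limiter rejects never reaches it and the 429 response carries no `Access-Control-Allow-Origin` header; a browser client then sees a CORS failure instead of the rate-limit status. Preflight OPTIONS requests also pass through the limiter before CORS can answer them. Moving the `e.Use(middleware.CORSWithConfig(...))` call above the rate-limiter line would address both. A short comment such as `// CORS must run before the rate limiter so rejected requests still carry CORS headers` would keep the ordering from being undone later. main's body starts and ends outside the hunk.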