diff --git a/web/.htaccess b/web/.htaccess
index 6f9123d1..23b2e0c9 100644
--- a/web/.htaccess
+++ b/web/.htaccess
@@ -180,3 +180,8 @@ AddEncoding gzip svgz
   # Disable Proxy header, since it's an attack vector.
   RequestHeader unset Proxy
 </IfModule>
+
+SetEnvIf Origin "^https?://[^/]*(bibliocaeb|staging1.celalibrary)\.ca$" ORIGIN=$0
+Header always set Access-Control-Allow-Origin %{ORIGIN}e env=ORIGIN
+Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, PATCH, DELETE"
+Header always set Access-Control-Allow-Headers: Authorization
\ No newline at end of file