diff --git a/ingress/oidc-cors-middleware.yaml b/ingress/oidc-cors-middleware.yaml
new file mode 100644
index 0000000..828901c
--- /dev/null
+++ b/ingress/oidc-cors-middleware.yaml
@@ -0,0 +1,26 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: oidc-cors
+  namespace: default
+spec:
+  headers:
+    accessControlAllowOriginList:
+      - https://a-ops.t-aaron.com
+      - https://b-ops.t-aaron.com
+    accessControlAllowMethods:
+      - GET
+      - POST
+      - OPTIONS
+    accessControlAllowHeaders:
+      - DNT
+      - User-Agent
+      - X-Requested-With
+      - If-Modified-Since
+      - Cache-Control
+      - Content-Type
+      - Range
+      - Authorization
+    accessControlAllowCredentials: true
+    addVaryHeader: true
+
diff --git a/ingress/oidc-ingress.yaml b/ingress/oidc-ingress.yaml
index eed61f6..5843d35 100644
--- a/ingress/oidc-ingress.yaml
+++ b/ingress/oidc-ingress.yaml
@@ -6,6 +6,7 @@ metadata:
   annotations:
     traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
     traefik.ingress.kubernetes.io/router.tls: "true"
+    traefik.ingress.kubernetes.io/router.middlewares: default-oidc-cors@kubernetescrd
 spec:
   tls:
     - hosts: