diff --git a/Applications/SseServer/src/SseServer/Configuration.cs b/Applications/SseServer/src/SseServer/Configuration.cs
index 27c5da8ede..b04057bca7 100644
--- a/Applications/SseServer/src/SseServer/Configuration.cs
+++ b/Applications/SseServer/src/SseServer/Configuration.cs
@@ -9,6 +9,8 @@ public class Configuration
 [Required]
 public AuthenticationConfiguration Authentication { get; set; } = new();
 
+ public CorsConfiguration Cors { get; set; } = new();
+
 [Required]
 public InfrastructureConfiguration Infrastructure { get; set; } = new();
 
@@ -20,6 +22,12 @@ public class AuthenticationConfiguration
 public string JwtSigningCertificate { get; set; } = "";
 }
 
+ public class CorsConfiguration
+ {
+ public string AllowedOrigins { get; set; } = "";
+ public string ExposedHeaders { get; set; } = "";
+ }
+
 public class InfrastructureConfiguration
 {
 [Required]
diff --git a/Applications/SseServer/src/SseServer/Extensions/IServiceCollectionExtensions.cs b/Applications/SseServer/src/SseServer/Extensions/IServiceCollectionExtensions.cs
index 0a93c34720..512870a697 100644
--- a/Applications/SseServer/src/SseServer/Extensions/IServiceCollectionExtensions.cs
+++ b/Applications/SseServer/src/SseServer/Extensions/IServiceCollectionExtensions.cs
@@ -65,6 +65,18 @@ public static void AddCustomAspNetCore(this IServiceCollection services,
 options.JsonSerializerOptions.DictionaryKeyPolicy = JsonNamingPolicy.CamelCase;
 });
 
+ services.AddCors(options =>
+ {
+ options.AddDefaultPolicy(builder =>
+ {
+ builder
+ .WithOrigins(configuration.Cors.AllowedOrigins.Split(";"))
+ .WithExposedHeaders(configuration.Cors.ExposedHeaders.Split(";"))
+ .AllowAnyHeader()
+ .AllowAnyMethod();
+ });
+ });
+
 services.AddAuthentication().AddJwtBearer("default", options =>
 {
 var privateKeyBytes = Convert.FromBase64String(configuration.Authentication.JwtSigningCertificate);
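Review bot: In the second Configuration.cs hunk, `CorsConfiguration.AllowedOrigins` and `ExposedHeaders` are plain strings with no documentation of their format; the `;` separator only becomes visible at the `Split(";")` calls in IServiceCollectionExtensions.cs. Because this setting decides which web origins may read responses from the server, an XML comment would help operators set it correctly, for example `/// <summary>Semicolon-separated origins (scheme://host[:port], no trailing slash) allowed to call this server from a browser.</summary>`, with a matching one for `ExposedHeaders`. The comment should also state whether `*` is an accepted value.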
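Review bot: In the IServiceCollectionExtensions.cs hunk, `configuration.Cors.AllowedOrigins.Split(";")` hands the raw pieces to `WithOrigins`, so the default `""` produces one empty-string origin, and a value written as `https://a.example; https://b.example` (constructed example) keeps a leading space on the second entry that will not match a browser's Origin header. Using `Split(';', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries)` for both `AllowedOrigins` and `ExposedHeaders` avoids both cases. Nothing visible here rejects `*`, which, as far as I know, the ASP.NET Core CORS policy treats as allow-any-origin when it is the only entry. Together with `AllowAnyHeader()` and `AllowAnyMethod()` that makes the policy fully open, so consider failing startup on `*` or narrowing headers and methods to what the SSE endpoints need. `AddCustomAspNetCore` begins and ends outside this hunk, so validation elsewhere cannot be ruled out.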
diff --git a/Applications/SseServer/src/SseServer/Program.cs b/Applications/SseServer/src/SseServer/Program.cs
index 6138e63518..7c49ef80ff 100644
--- a/Applications/SseServer/src/SseServer/Program.cs
+++ b/Applications/SseServer/src/SseServer/Program.cs
@@ -142,6 +142,8 @@ static void Configure(WebApplication app)
 .AddCustomHeader("X-Frame-Options", "Deny")
 );
 
+ app.UseCors();
+
 app.UseAuthentication().UseAuthorization();
 
 app.MapControllers();
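Review bot: The position of `app.UseCors()` relative to `UseAuthentication().UseAuthorization()` matters, and nothing at the call site says so. Preflight OPTIONS requests carry no bearer token, so the CORS middleware has to answer them before authorization runs. A comment such as `// Must stay before UseAuthentication/UseAuthorization: preflight requests are unauthenticated.` would protect the ordering against later reshuffling. `Configure` starts and ends outside this hunk, so whether routing middleware is registered explicitly earlier is not visible here.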