diff --git a/Pipfile b/Pipfile
index 3fbc6e4..3addd23 100644
--- a/Pipfile
+++ b/Pipfile
@@ -11,6 +11,7 @@ flask-sqlalchemy  = "~=2.5.1"
 sqlalchemy = "~=1.4.18"
 waitress = "~=2.0.0"
 pyyaml = "~=5.4.1"
+flask-cors = "~=3.0.10"
 
 [dev-packages]
 flake8 = "~=3.9.2"
diff --git a/Pipfile.lock b/Pipfile.lock
index 0b1ef91..3fbaf44 100644
--- a/Pipfile.lock
+++ b/Pipfile.lock
@@ -1,7 +1,7 @@
 {
     "_meta": {
         "hash": {
-            "sha256": "439b60cb87b0180f0b78c531085f9bbeef7685ef038256f80b0a8123e7d144e6"
+            "sha256": "39f7734595b7aadc5b25a47410c76922f1d3803a856d295404e7022529db7138"
         },
         "pipfile-spec": 6,
         "requires": {
@@ -29,7 +29,7 @@
                 "sha256:8c04c11192119b1ef78ea049e0a6f0463e4c48ef00a30160c704337586f3ad7a",
                 "sha256:fba402a4a47334742d782209a7c79bc448911afe1149d07bdabdf480b3e2f4b6"
             ],
-            "markers": "python_version >= '3.6'",
+            "markers": "python_full_version >= '3.6.0'",
             "version": "==8.0.1"
         },
         "flask": {
@@ -40,6 +40,14 @@
             "index": "pypi",
             "version": "==2.0.1"
         },
+        "flask-cors": {
+            "hashes": [
+                "sha256:74efc975af1194fc7891ff5cd85b0f7478be4f7f59fe158102e91abb72bb4438",
+                "sha256:b60839393f3b84a0f3746f6cdca56c1ad7426aa738b70d6c61375857823181de"
+            ],
+            "index": "pypi",
+            "version": "==3.0.10"
+        },
         "flask-migrate": {
             "hashes": [
                 "sha256:4d42e8f861d78cb6e9319afcba5bf76062e5efd7784184dd2a1cccd9de34a702",
@@ -116,7 +124,7 @@
                 "sha256:5174094b9637652bdb841a3029700391451bd092ba3db90600dea710ba28e97c",
                 "sha256:9e724d68fc22902a1435351f84c3fb8623f303fffcc566a4cb952df8c572cff0"
             ],
-            "markers": "python_version >= '3.6'",
+            "markers": "python_full_version >= '3.6.0'",
             "version": "==2.0.1"
         },
         "jinja2": {
@@ -124,7 +132,7 @@
                 "sha256:1f06f2da51e7b56b8f238affdd6b4e2c61e39598a378cc49345bc1bd42a978a4",
                 "sha256:703f484b47a6af502e743c9122595cc812b0271f661722403114f71a79d0f5a4"
             ],
-            "markers": "python_version >= '3.6'",
+            "markers": "python_full_version >= '3.6.0'",
             "version": "==3.0.1"
         },
         "mako": {
@@ -172,7 +180,7 @@
                 "sha256:f9081981fe268bd86831e5c75f7de206ef275defcb82bc70740ae6dc507aee51",
                 "sha256:fa130dd50c57d53368c9d59395cb5526eda596d3ffe36666cd81a44d56e48872"
             ],
-            "markers": "python_version >= '3.6'",
+            "markers": "python_full_version >= '3.6.0'",
             "version": "==2.0.1"
         },
         "python-dateutil": {
@@ -293,7 +301,7 @@
                 "sha256:1de1db30d010ff1af14a009224ec49ab2329ad2cde454c8a708130642d579c42",
                 "sha256:6c1ec500dcdba0baa27600f6a22f6333d8b662d22027ff9f6202e3367413caa8"
             ],
-            "markers": "python_version >= '3.6'",
+            "markers": "python_full_version >= '3.6.0'",
             "version": "==2.0.1"
         }
     },
@@ -328,6 +336,14 @@
             ],
             "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
             "version": "==2.3.1"
+        },
+        "yapf": {
+            "hashes": [
+                "sha256:408fb9a2b254c302f49db83c59f9aa0b4b0fd0ec25be3a5c51181327922ff63d",
+                "sha256:e3a234ba8455fe201eaa649cdac872d590089a18b661e39bbac7020978dd9c2e"
+            ],
+            "index": "pypi",
+            "version": "==0.31.0"
         }
     }
 }
diff --git a/app.py b/app.py
index 478a6be..312b338 100644
--- a/app.py
+++ b/app.py
@@ -3,6 +3,7 @@ import os
 
 from dotenv import load_dotenv, find_dotenv
 from flask import Flask
+from flask_cors import CORS
 from flask_sqlalchemy import SQLAlchemy
 from flask_migrate import Migrate
 
@@ -18,6 +19,9 @@ app.config["SQLALCHEMY_DATABASE_URI"] = os.getenv("SQLALCHEMY_DATABASE_URI")
 app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False
 app.config["KI_DATA_DIR"] = os.path.dirname(__file__) + "/data"
 app.config["KI_AUTH"] = os.getenv("KI_AUTH")
+app.config["CORS_ORIGINS"] = os.getenv("CORS_ORIGINS", "*")
+
+CORS(app)
 db = SQLAlchemy(app)
 migrate = Migrate(app, db)
 
diff --git a/env.dev b/env.dev
index 05bc64d..0f20923 100644
--- a/env.dev
+++ b/env.dev
@@ -1,4 +1,6 @@
-SQLALCHEMY_DATABASE_URI = 'sqlite:///data/ki.sqlite'
+SQLALCHEMY_DATABASE_URI=sqlite:///data/ki.sqlite
+
+CORS_ORIGINS=*
 
 FLASK_APP=app.py
 FLASK_ENV=development
diff --git a/ki/test/test_skills_endpoint.py b/ki/test/test_skills_endpoint.py
index 80cfae6..9287c65 100644
--- a/ki/test/test_skills_endpoint.py
+++ b/ki/test/test_skills_endpoint.py
@@ -17,6 +17,12 @@ class TestSkillsEndpoint(unittest.TestCase):
 
         seed()
 
+    def test_skills_options(self):
+        response = self.client.options("/skills")
+        self.assertEqual(response.status_code, 200)
+        self.assertIn("Access-Control-Allow-Origin", response.headers)
+        self.assertEqual(response.headers["Access-Control-Allow-Origin"], "*")
+
     def test_get_skills1(self):
         response = self.client.get("/skills?search=p")
         self.assertEqual(response.status_code, 200)
@@ -30,6 +36,8 @@ class TestSkillsEndpoint(unittest.TestCase):
                     "name": "Python"
                 }]
             }, response.json)
+        self.assertIn("Access-Control-Allow-Origin", response.headers)
+        self.assertEqual(response.headers["Access-Control-Allow-Origin"], "*")
 
 
 if __name__ == "main":