diff --git a/lib/server.js b/lib/server.js
index 86f41c0c..07cfbcb7 100644
--- a/lib/server.js
+++ b/lib/server.js
@@ -1,4 +1,5 @@
 const express = require('express');
+const cors = require('cors');
 const router = require('express-promise-router');
 const bodyParser = require('body-parser');
 const boolParser = require('express-query-boolean');
@@ -32,6 +33,10 @@ process.on('unhandledRejection', (err) => {
 }
 });
+const corsOptions = {
+ origin: [/aegee\.eu|aegee\.org|app\.aegee-leiden\.nl/]
+};
+
 GeneralRouter.get('/healthcheck', middlewares.healthcheck);
 GeneralRouter.get('/metrics', metrics.getMetrics);
 GeneralRouter.get('/metrics/requests', endpointsMetrics.getEndpointMetrics);
@@ -39,7 +44,7 @@ GeneralRouter.get('/metrics/requests', endpointsMetrics.getEndpointMetrics);
 // For all the requests above these three, query the core for authorization data.
 GeneralRouter.use(middlewares.authenticateUser);
-GeneralRouter.get('/', events.listEvents);
+GeneralRouter.get('/', cors(corsOptions), events.listEvents);
 GeneralRouter.post('/', middlewares.ensureAuthorized, events.addEvent);
 GeneralRouter.get('/mine/organizing', middlewares.ensureAuthorized, events.listUserOrganizedEvents);
@@ -51,7 +56,7 @@ GeneralRouter.get('/boardview/:body_id', middlewares.ensureAuthorized, events.li
 EventsRouter.use(middlewares.fetchSingleEvent);
 // Getting the event details can be done without autorization.
-EventsRouter.get('/', events.eventDetails);
+EventsRouter.get('/', cors(corsOptions), events.eventDetails);
 // The next routes cannot.
 EventsRouter.use(middlewares.ensureAuthorized);
diff --git a/package-lock.json b/package-lock.json
index 9eff6f27..d5e478ee 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -12,6 +12,7 @@ "@bugsnag/js": "^7.18.0", "body-parser": "^1.19.0", "bunyan": "^1.8.15", + "cors": "^2.8.5", "express": "^4.18.2", "express-promise-router": "^4.1.1", "express-query-boolean": "^2.0.0",
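Review bot: The `origin` pattern in `corsOptions` is unanchored, so the `cors` middleware will accept any Origin header whose string merely contains `aegee.eu`, `aegee.org` or `app.aegee-leiden.nl`, including hosts outside those domains. Anchor the match to the scheme and the end of the host, for example `origin: [/^https:\/\/([a-z0-9-]+\.)*aegee\.(eu|org)$/, 'https://app.aegee-leiden.nl']`, adjusting the scheme and subdomain part to what is actually served. Credentials are not enabled in these options, so the exposure is limited to cross-origin reads of the two GET responses. A short comment above the object naming the intended front ends would keep later edits from widening the list by accident.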
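Review bot: `cors(corsOptions)` is attached only to the GET handler on `GeneralRouter.get('/')` here, and likewise on `EventsRouter.get('/')` in the following hunk, so an OPTIONS preflight never reaches it. If the allowed front ends send a custom authentication header (likely, given that `authenticateUser` runs first, though that middleware is not shown), browsers will preflight and the request will be blocked before the GET is issued. Registering the same options for preflight, e.g. `GeneralRouter.options('/', cors(corsOptions));` above `GeneralRouter.use(middlewares.authenticateUser)` and the equivalent on `EventsRouter`, keeps a single allow-list and answers the preflight without querying the core. Because the CORS middleware also sits after `authenticateUser`, any response that middleware sends itself would carry no CORS headers; confirm that is intended.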
@@ -4963,6 +4964,18 @@ "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz", "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=" }, + "node_modules/cors": { + "version": "2.8.5", + "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz", + "integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==", + "dependencies": { + "object-assign": "^4", + "vary": "^1" + }, + "engines": { + "node": ">= 0.10" + } + }, "node_modules/cosmiconfig": { "version": "7.0.0", "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-7.0.0.tgz", @@ -22457,6 +22470,15 @@ "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz", "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=" }, + "cors": { + "version": "2.8.5", + "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz", + "integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==", + "requires": { + "object-assign": "^4", + "vary": "^1" + } + }, "cosmiconfig": { "version": "7.0.0", "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-7.0.0.tgz",
diff --git a/package.json b/package.json
index ebc0cb5b..29941359 100644
--- a/package.json
+++ b/package.json
@@ -43,6 +43,7 @@
 "@bugsnag/js": "^7.18.0",
 "body-parser": "^1.19.0",
 "bunyan": "^1.8.15",
+ "cors": "^2.8.5",
 "express": "^4.18.2",
 "express-promise-router": "^4.1.1",
 "express-query-boolean": "^2.0.0",