diff --git a/src/Api/Startup.cs b/src/Api/Startup.cs
index 4a03c3e0ee..11ac8f0c36 100644
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@@ -162,7 +162,8 @@ namespace Bit.Api
             app.UseStaticFiles();
 
             // Add Cors
-            app.UseCors(policy => policy.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader());
+            app.UseCors(policy => policy.SetIsOriginAllowed(h => true)
+                .AllowAnyMethod().AllowAnyHeader().AllowCredentials());
 
             // Add authentication to the request pipeline.
             app.UseAuthentication();
diff --git a/src/Events/Startup.cs b/src/Events/Startup.cs
index a14f9ba3ef..23b92e136b 100644
--- a/src/Events/Startup.cs
+++ b/src/Events/Startup.cs
@@ -94,7 +94,8 @@ namespace Bit.Events
             app.UseDefaultMiddleware(env);
 
             // Add Cors
-            app.UseCors(policy => policy.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader());
+            app.UseCors(policy => policy.SetIsOriginAllowed(h => true)
+                .AllowAnyMethod().AllowAnyHeader().AllowCredentials());
 
             // Add authentication to the request pipeline.
             app.UseAuthentication();
diff --git a/src/Notifications/Startup.cs b/src/Notifications/Startup.cs
index 3cfff38d9e..168ff9c4be 100644
--- a/src/Notifications/Startup.cs
+++ b/src/Notifications/Startup.cs
@@ -94,7 +94,8 @@ namespace Bit.Notifications
             }
 
             // Add Cors
-            app.UseCors(policy => policy.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader());
+            app.UseCors(policy => policy.SetIsOriginAllowed(h => true)
+                .AllowAnyMethod().AllowAnyHeader().AllowCredentials());
 
             // Add authentication to the request pipeline.
             app.UseAuthentication();