diff --git a/OliverBooth/Controllers/BlogApiController.cs b/OliverBooth/Controllers/BlogApiController.cs
index 7ae029f..8e7e921 100644
--- a/OliverBooth/Controllers/BlogApiController.cs
+++ b/OliverBooth/Controllers/BlogApiController.cs
@@ -1,4 +1,5 @@
 using Humanizer;
+using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.Mvc;
 using OliverBooth.Data.Blog;
 using OliverBooth.Services;
@@ -11,6 +12,7 @@ namespace OliverBooth.Controllers;
 [ApiController]
 [Route("api/blog")]
 [Produces("application/json")]
+[EnableCors("BlogApi")]
 public sealed class BlogApiController : ControllerBase
 {
     private readonly BlogService _blogService;
diff --git a/OliverBooth/Program.cs b/OliverBooth/Program.cs
index 8b1fedb..f8b1c10 100644
--- a/OliverBooth/Program.cs
+++ b/OliverBooth/Program.cs
@@ -34,6 +34,11 @@ builder.Services.AddDbContextFactory<WebContext>();
 builder.Services.AddSingleton<BlogService>();
 builder.Services.AddRazorPages().AddRazorRuntimeCompilation();
 builder.Services.AddControllersWithViews();
+builder.Services.AddCors(options => options.AddPolicy("BlogApi", policy => (builder.Environment.IsDevelopment()
+        ? policy.AllowAnyOrigin()
+        : policy.WithOrigins("https://oliverbooth.dev"))
+    .AllowAnyMethod()
+    .AllowAnyHeader()));
 builder.Services.AddRouting(options => options.LowercaseUrls = true);
 
 builder.WebHost.UseKestrel(kestrel =>
@@ -79,6 +84,7 @@ app.UseHttpsRedirection();
 app.UseStaticFiles();
 app.UseRouting();
 app.UseAuthorization();
+app.UseCors("BlogApi");
 
 app.MapControllers();
 app.MapRazorPages();