diff --git a/server/main.go b/server/main.go
index 02a8e00..22b4c9f 100644
--- a/server/main.go
+++ b/server/main.go
@@ -73,6 +73,10 @@ func main() {
 		LogLevel:  log.ERROR,
 	}))
 	app.Use(middleware.Secure())
+	app.Use(middleware.CORSWithConfig(middleware.CORSConfig{
+		AllowOrigins: []string{"*"},
+		AllowHeaders: []string{echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept, echo.HeaderAuthorization},
+	}))
 
 	app.Use(middleware.LoggerWithConfig(middleware.LoggerConfig{
 		Format:           "${time_custom} ${method} ${uri} ---> ${status} in ${latency_human} (${bytes_out} bytes)\n",
@@ -213,7 +217,8 @@ func main() {
 
 func authed(next echo.HandlerFunc) echo.HandlerFunc {
 	return func(c echo.Context) error {
-		if c.Request().Header.Get("Authorization") != token {
+		provided := c.Request().Header.Get("Authorization")
+		if provided != fmt.Sprintf("Bearer %s", token) {
 			return c.NoContent(http.StatusUnauthorized)
 		}