diff --git a/package.json b/package.json
index 6cd801acc3..0f4e551800 100644
--- a/package.json
+++ b/package.json
@@ -47,6 +47,7 @@
     "compression": "^1.6.0",
     "connect-mongo": "^1.3.2",
     "cookie-parser": "^1.4.0",
+    "cors": "^2.8.3",
     "csurf": "^1.8.3",
     "d3": "~3.5.17",
     "debug": "^2.2.0",
diff --git a/server/config.json b/server/config.json
index 8d0e2976c0..5afb58fec8 100644
--- a/server/config.json
+++ b/server/config.json
@@ -21,9 +21,6 @@
       "extended": true,
       "limit": "100kb"
     },
-    "cors": {
-      "origin": true,
-      "credentials": true
-    }
+    "cors": false
   }
 }
diff --git a/server/middleware.json b/server/middleware.json
index f19ec96c62..dfcabd66c6 100644
--- a/server/middleware.json
+++ b/server/middleware.json
@@ -16,6 +16,13 @@
     "compression": {},
     "morgan": {
       "params": ":status :method :response-time ms - :url"
+    },
+    "cors": {
+      "params": {
+        "origin": true,
+        "credentials": true,
+        "maxAge": 86400
+      }
     }
   },
   "session": {