diff --git a/Gemfile b/Gemfile
index 83bc8f8..0a266cf 100644
--- a/Gemfile
+++ b/Gemfile
@@ -22,6 +22,8 @@ gem "jbuilder"
 gem "avo", ">= 3.2.1"
 # PaperTrail for auditing
 gem "paper_trail"
+# Handle CORS (Cross-Origin Resource Sharing)
+gem "rack-cors"
 
 # Use Active Model has_secure_password [https://guides.rubyonrails.org/active_model_basics.html#securepassword]
 # gem "bcrypt", "~> 3.1.7"
diff --git a/Gemfile.lock b/Gemfile.lock
index c765fe1..1e0b29d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -307,6 +307,8 @@ GEM
     raabro (1.4.0)
     racc (1.8.1)
     rack (3.1.12)
+    rack-cors (2.0.2)
+      rack (>= 2.0.0)
     rack-mini-profiler (3.3.1)
       rack (>= 1.2.0)
     rack-session (2.1.0)
@@ -499,6 +501,7 @@ DEPENDENCIES
   propshaft
   puma (>= 5.0)
   query_count
+  rack-cors
   rack-mini-profiler
   rails (~> 8.0.2)
   rubocop-rails-omakase
diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb
new file mode 100644
index 0000000..27041a3
--- /dev/null
+++ b/config/initializers/cors.rb
@@ -0,0 +1,12 @@
+Rails.application.config.middleware.insert_before 0, Rack::Cors do
+  allow do
+    origins "*"
+
+    # Allow CORS for the hackatime API endpoints
+    resource "/api/hackatime/v1/*",
+      headers: :any,
+      methods: [ :get, :post, :options ],
+      expose: [ "Authorization" ],
+      max_age: 600
+  end
+end