diff --git a/api/personal_measure_api.config.prod.json b/api/personal_measure_api.config.prod.json
index 9bd246b..9f8d466 100644
--- a/api/personal_measure_api.config.prod.json
+++ b/api/personal_measure_api.config.prod.json
@@ -1,6 +1,5 @@
 {
   "debug":false,
-  "port":80,
   "pwdCost":11,
-  "knownOrigins": [ "https://pm.jdb-labs.com" ]
+  "knownOrigins": [ "https://pm.jdb-software.com", "https://pm-dev.jdb-software.com" ]
 }
diff --git a/api/src/main/nim/personal_measure_apipkg/api.nim b/api/src/main/nim/personal_measure_apipkg/api.nim
index 2696b45..9b2c697 100644
--- a/api/src/main/nim/personal_measure_apipkg/api.nim
+++ b/api/src/main/nim/personal_measure_apipkg/api.nim
@@ -1,5 +1,6 @@
 import asyncdispatch, base64, jester, json, jwt, logging, options, sequtils, times, uuids
+from httpcore import HttpMethod
 from unicode import capitalize
 import strutils except capitalize
 import timeutils
@@ -58,6 +59,29 @@ template jsonResp(code: HttpCode, body: string = "", headersToSend: RawHeaders =
     body
   )
 
+template optionsResp(allowedMethods: seq[HttpMethod]) =
+
+  let reqOrigin =
+    if request.headers.hasKey("Origin"): $(request.headers["Origin"])
+    else: ""
+
+  let corsHeaders =
+    if ctx.cfg.knownOrigins.contains(reqOrigin):
+      @{
+        "Access-Control-Allow-Origin": reqOrigin,
+        "Access-Control-Allow-Credentials": "true",
+        "Access-Control-Allow-Methods": allowedMethods.mapIt($it).join(", "),
+        "Access-Control-Allow-Headers": "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization"
+      }
+    else: @{:}
+
+  halt(
+    Http200,
+    corsHeaders,
+    ""
+  )
+
+
 template jsonResp(body: string) = jsonResp(Http200, body)
 
 template statusResp(code: HttpCode, details: string = "", headersToSend: RawHeaders = @{:} ) =
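Review bot: The production allowlist now carries the dev origin `https://pm-dev.jdb-software.com` next to the production one; combined with the credentialed CORS reflection this commit adds in api.nim, any script served from the dev host can make credentialed cross-origin requests to the production API, so the dev host inherits production's trust boundary. If the dev front end genuinely has to reach production, that is a deliberate decision worth recording in the deployment notes (JSON has no comment syntax); otherwise the dev origin belongs in a dev-only config. The removed `"port":80` presumably falls back to a default defined elsewhere — confirm the service still listens where the fronting proxy expects.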
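Review bot: The preflight's `Access-Control-Allow-Origin` value changes with the request's Origin, but no `Vary: Origin` is sent, so a shared cache between browsers and the API could replay one origin's allow-header to a request from another origin; the unknown-origin branch, which sends no CORS headers at all, is cacheable the same way. Add `"Vary": "Origin"` to the header table in both branches, e.g. replace `else: @{:}` with `else: @{ "Vary": "Origin" }`. The template also reads request and ctx from the caller's scope and ends the route via halt, which deserves a doc comment as the template's first body line: `## Answer a CORS preflight for the calling route; only origins in ctx.cfg.knownOrigins get CORS headers. Expects request and ctx in scope.` Whether jsonResp and statusResp add Access-Control-Allow-Origin to the actual responses is outside this hunk; without it the browser rejects the follow-up request even after a successful preflight.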
@@ -212,9 +236,13 @@ proc start*(ctx: PMApiContext): void =
   routes:
+    options "/version": optionsResp(@[HttpGet])
+
     get "/version":
       jsonResp($(%("personal_measure_api v" & PM_API_VERSION)))
+    options "/auth-token": optionsResp(@[HttpPost])
+
     post "/auth-token":
       try:
@@ -226,6 +254,8 @@ proc start*(ctx: PMApiContext): void =
       except JsonParsingError: statusResp(Http400, getCurrentExceptionMsg())
       except: statusResp(Http401, getCurrentExceptionMsg())
+    options "/change-pwd": optionsResp(@[HttpPost])
+
     post "/change-pwd":
       checkAuth()
@@ -247,6 +277,8 @@ proc start*(ctx: PMApiContext): void =
         error "internal error changing password: " & getCurrentExceptionMsg()
         statusResp(Http500)
+    options "/change-pwd/@userId": optionsResp(@[HttpPost])
+
     post "/change-pwd/@userId":
       checkAuth(true)
@@ -268,6 +300,8 @@ proc start*(ctx: PMApiContext): void =
         error "internal error changing password: " & getCurrentExceptionMsg()
         statusResp(Http500)
+    options "/user": optionsResp(@[HttpGet, HttpPut])
+
     get "/user":
       checkAuth()
@@ -292,6 +326,8 @@ proc start*(ctx: PMApiContext): void =
         error "Could not update user information:\n\t" & getCurrentExceptionMsg()
         statusResp(Http500)
+    options "/users": optionsResp(@[HttpGet, HttpPost])
+
     get "/users":
       checkAuth(true)
@@ -320,6 +356,8 @@ proc start*(ctx: PMApiContext): void =
         error "Could not create new user:\n\t" & getCurrentExceptionMsg()
         statusResp(Http500)
+    options "/users/@userId": optionsResp(@[HttpGet, HttpDelete])
+
     get "/users/@userId":
       checkAuth(true)
@@ -340,6 +378,8 @@ proc start*(ctx: PMApiContext): void =
       except: statusResp(Http500, getCurrentExceptionMsg())
+    options "/api-tokens": optionsResp(@[HttpGet, HttpPost])
+
     get "/api-tokens":
       checkAuth()
@@ -374,6 +414,8 @@ proc start*(ctx: PMApiContext): void =
         debug getCurrentExceptionMsg()
         statusResp(Http500)
+    options "/api-tokens/@tokenId": optionsResp(@[HttpGet, HttpDelete])
+
     get "/api-tokens/@tokenId":
       checkAuth()
@@ -394,6 +436,8 @@ proc start*(ctx: PMApiContext): void =
     # Measure
+    options "/measures": optionsResp(@[HttpGet, HttpPost])
+
     get "/measures":
       checkAuth()
@@ -438,6 +482,8 @@ proc start*(ctx: PMApiContext): void =
         error "unable to create new measure:\n\t" & getCurrentExceptionMsg()
         statusResp(Http500)
+    options "/measures/@slug": optionsResp(@[HttpGet, HttpPost, HttpDelete])
+
     get "/measures/@slug":
       checkAuth()
@@ -491,6 +537,9 @@ proc start*(ctx: PMApiContext): void =
         statusResp(Http500)
     # Measurements
+
+    options "/measurements/@slug": optionsResp(@[HttpGet, HttpPost])
+
     get "/measurements/@slug":
       checkAuth()
@@ -528,6 +577,8 @@ proc start*(ctx: PMApiContext): void =
         error "unable to add measurement:\n\t" & getCurrentExceptionMsg()
         statusResp(Http500)
+    options "/measurements/@slug/@id": optionsResp(@[HttpGet, HttpPut, HttpDelete])
+
     get "/measurements/@slug/@id":
       checkAuth()
@@ -580,6 +631,8 @@ proc start*(ctx: PMApiContext): void =
         error "unable to delete measurement:\n\t" & getCurrentExceptionMsg()
         statusResp(Http500)
+    options "/log": optionsResp(@[HttpPost])
+
     post "/log":
       checkAuth()
@@ -597,6 +650,8 @@ proc start*(ctx: PMApiContext): void =
       except BadRequestError: statusResp(Http400, getCurrentExceptionMsg())
       except: statusResp(Http500, getCurrentExceptionMsg())
+    options "/log/batch": optionsResp(@[HttpPost])
+
     post "/log/batch":
       checkAuth()