diff --git a/src/lib.rs b/src/lib.rs
index ce62d0d311..9c565bf6a9 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -155,13 +155,18 @@ pub async fn start_lemmy_server() -> Result<(), LemmyError> {
 
   // Create Http server with websocket support
   HttpServer::new(move || {
-    let cors_config = if cfg!(debug_assertions) {
-      Cors::permissive()
-    } else {
-      let cors_origin = std::env::var("LEMMY_CORS_ORIGIN").unwrap_or("http://localhost".into());
+    let cors_override = std::env::var("LEMMY_CORS_ORIGIN");
+    let cors_config = if cors_override.is_ok() && !cfg!(debug_assertions) {
       Cors::default()
-        .allowed_origin(&cors_origin)
+        .allowed_origin(&cors_override)
         .allowed_origin(&settings.get_protocol_and_hostname())
+    } else {
+      Cors::default()
+        .allow_any_origin()
+        .allow_any_method()
+        .allow_any_header()
+        .expose_any_header()
+        .max_age(3600)
     };
 
     let app = App::new()