diff --git a/pkg/cors-manager-mw/cors-manager-mw.go b/pkg/cors-manager-mw/cors-manager-mw.go
new file mode 100644
index 00000000..8ff70d8e
--- /dev/null
+++ b/pkg/cors-manager-mw/cors-manager-mw.go
@@ -0,0 +1,31 @@
+package corsmanagermw
+
+import (
+	"net/http"
+
+	a "github.com/karincake/apem"
+)
+
+type CorsCfg struct {
+	AllowedOrigins []string `yaml:"allowedOrigins"`
+	AllowedMethod  string   `yaml:"allowedMethod"`
+}
+
+var cfg CorsCfg
+
+func SetCors(next http.Handler) http.Handler {
+	a.ParseSingleCfg(&cfg)
+
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Access-Control-Allow-Origin", "*")
+		w.Header().Set("Access-Control-Allow-Methods", cfg.AllowedMethod)
+		w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
+
+		if r.Method == "OPTIONS" {
+			w.WriteHeader(http.StatusOK)
+			return
+		}
+
+		next.ServeHTTP(w, r)
+	})
+}