diff --git a/config/application.rb b/config/application.rb
index 71883b57f..5a7edb930 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -68,17 +68,6 @@ class Application < Rails::Application
     config.active_record.yaml_column_permitted_classes = [Symbol, BigDecimal]
 
     config.autoloader = :zeitwerk
-
-    # Ex:- :default =>''
-
-    # CORS for API
-    config.middleware.insert_before 0, Rack::Cors do
-      allow do
-        origins '*'
-        # this restricts Foodsoft scopes to certain characters - let's discuss it when it becomes an actual problem
-        resource %r{\A/[-a-zA-Z0-9_]+/api/v1/}, headers: :any, methods: :any
-      end
-    end
   end
 
   # Foodsoft version
diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb
index e5a82f162..24ec0662b 100644
--- a/config/initializers/cors.rb
+++ b/config/initializers/cors.rb
@@ -5,12 +5,10 @@
 
 # Read more: https://github.com/cyu/rack-cors
 
-# Rails.application.config.middleware.insert_before 0, Rack::Cors do
-#   allow do
-#     origins "example.com"
-#
-#     resource "*",
-#       headers: :any,
-#       methods: [:get, :post, :put, :patch, :delete, :options, :head]
-#   end
-# end
+Rails.application.config.middleware.insert_before 0, Rack::Cors do
+  allow do
+    origins '*'
+    # this restricts Foodsoft scopes to certain characters - let's discuss it when it becomes an actual problem
+    resource %r{\A/[-a-zA-Z0-9_]+/api/v1/}, headers: :any, methods: :any
+  end
+end