diff --git a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/oidc/OidcOpLoginImpl.java b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/oidc/OidcOpLoginImpl.java
index e1124f22bedd650641d9acc241cda8d58d74025b..eaae4256a7705d7361e19d128bde0144833f624a 100644
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/oidc/OidcOpLoginImpl.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/oidc/OidcOpLoginImpl.java
@@ -326,7 +326,14 @@ public class OidcOpLoginImpl implements OidcOpLogin {
 				throw new OidcAuthenticationException("cannot create hash at the moment. This is bad.");
 			}
 		}
-	
+
+		if (clientConfig.getGenericStore().containsKey("cors_allow_regex")) {
+			String origin = request.getHeader("Origin");
+			if (origin.matches(clientConfig.getGenericStore().get("cors_allow_regex"))) {
+				response.setHeader("Access-Control-Allow-Origin", origin);
+			}
+		}
+			
 		IdentityEntity identity = flowState.getIdentity();
 
 		if (identity == null) {
diff --git a/bwreg-webapp/src/main/java/edu/kit/scc/webreg/oauth/OidcCertsController.java b/bwreg-webapp/src/main/java/edu/kit/scc/webreg/oauth/OidcCertsController.java
index 7a9589c8a9924855bd9e59e99761382755521ff5..ded0ca9e1b72b8461fc4075f9e9d72eafdb2256f 100644
--- a/bwreg-webapp/src/main/java/edu/kit/scc/webreg/oauth/OidcCertsController.java
+++ b/bwreg-webapp/src/main/java/edu/kit/scc/webreg/oauth/OidcCertsController.java
@@ -51,6 +51,8 @@ public class OidcCertsController {
 	@Produces(MediaType.APPLICATION_JSON)
 	public String auth(@PathParam("realm") String realm, @Context HttpServletRequest request, @Context HttpServletResponse response)
 			throws IOException, OidcAuthenticationException {
+	
+		response.setHeader("Access-Control-Allow-Origin", "*");
 		
 		try {
 			logger.debug("certs called for {}", realm);
diff --git a/bwreg-webapp/src/main/java/edu/kit/scc/webreg/oauth/OidcWellknownController.java b/bwreg-webapp/src/main/java/edu/kit/scc/webreg/oauth/OidcWellknownController.java
index 83e9e24ab49e237d3b0d15c79e35a72d6c714233..046434246a5546ffaa22312624c158f1be440388 100644
--- a/bwreg-webapp/src/main/java/edu/kit/scc/webreg/oauth/OidcWellknownController.java
+++ b/bwreg-webapp/src/main/java/edu/kit/scc/webreg/oauth/OidcWellknownController.java
@@ -47,6 +47,8 @@ public class OidcWellknownController {
 	public JSONObject wellknown(@PathParam("realm") String realm, @Context HttpServletRequest request, @Context HttpServletResponse response)
 			throws ServletException {
 
+		response.setHeader("Access-Control-Allow-Origin", "*");
+		
 		OidcOpConfigurationEntity opConfig = opService.findByRealmAndHost(realm, request.getServerName());
 		
 		if (opConfig == null) {