diff --git a/next.config.js b/next.config.js
index 0820004..7276295 100644
--- a/next.config.js
+++ b/next.config.js
@@ -5,16 +5,21 @@ const nextConfig = {
   async headers() {
     return [
       {
-        // matching all API routes
-        source: '/api/*',
+        // Routes this applies to
+        source: '/api/(.*)',
+        // Headers
         headers: [
-          { key: 'Access-Control-Allow-Credentials', value: 'true' },
-          { key: 'Access-Control-Allow-Origin', value: '*' }, // replace this your actual origin
-          { key: 'Access-Control-Allow-Methods', value: 'GET,DELETE,PATCH,POST,PUT' },
+          // Allow for specific domains to have access or * for all
           {
-            key: 'Access-Control-Allow-Headers',
-            value:
-              'X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version',
+            key: 'Access-Control-Allow-Origin',
+            value: '*',
+            // DOES NOT WORK
+            // value: process.env.ALLOWED_ORIGIN,
+          },
+          // Allows for specific methods accepted
+          {
+            key: 'Access-Control-Allow-Methods',
+            value: 'GET, POST, PUT, DELETE, OPTIONS',
           },
         ],
       },