diff --git a/package.json b/package.json
index aad14dd..c09db22 100644
--- a/package.json
+++ b/package.json
@@ -33,7 +33,9 @@
 },
 "dependencies": {
 "@paralleldrive/cuid2": "^2.2.2",
+ "@types/cors": "^2.8.17",
 "body-parser": "^1.20.2",
+ "cors": "^2.8.5",
 "dotenv": "^16.4.5",
 "express": "^4.19.1",
 "http-status-codes": "^2.3.0",
diff --git a/src/middleware/cors-middleware.ts b/src/middleware/cors-middleware.ts
new file mode 100644
index 0000000..bc9242a
--- /dev/null
+++ b/src/middleware/cors-middleware.ts
@@ -0,0 +1,26 @@
+import cors from "cors";
+
+// Allow CORS for Netlify deploy previews
+const allowedOrigins = ["https://reflectionsprojections.org"];
+
+// Function to check if the origin matches the deploy preview format
+function isNetlifyDeployPreview(origin: string) {
+ const regex = /^https:\/\/deploy-preview-\d+--rp2024\.netlify\.app\/$/;
+ return regex.test(origin);
+}
+
+const corsMiddleware = cors({
+ origin: function (origin, callback) {
+ if (
+ !origin ||
+ allowedOrigins.includes(origin) ||
+ isNetlifyDeployPreview(origin)
+ ) {
+ callback(null, true);
+ } else {
+ callback(new Error("Not allowed by CORS"));
+ }
+ },
+});
+
+export default corsMiddleware;
diff --git a/src/services/subscription/subscription-router.ts b/src/services/subscription/subscription-router.ts
index e83e69c..50555bf 100644
--- a/src/services/subscription/subscription-router.ts
+++ b/src/services/subscription/subscription-router.ts
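Review bot: In `src/middleware/cors-middleware.ts` the pattern in `isNetlifyDeployPreview` ends with `\/$`, but the `Origin` header a browser sends is only scheme, host and optional port with no trailing slash, so deploy-preview origins never match and fall through to the `Not allowed by CORS` branch. Dropping the slash keeps the anchors and escaped dots that make the match strict: `const regex = /^https:\/\/deploy-preview-\d+--rp2024\.netlify\.app$/;`. The `!origin` branch admits every request that carries no `Origin` header (non-browser clients), so this middleware is a browser policy rather than access control and the route still needs its own validation and rate limiting; a short comment saying so would help the next reader. Consider `callback(null, false)` instead of passing an `Error`, which is handed to the Express error chain and presumably surfaces as a 500 rather than a plain response without CORS headers. The comment above `allowedOrigins` also describes the preview rule, not the production origin it labels.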
@@ -2,11 +2,12 @@ import { Router } from "express";
 import { StatusCodes } from "http-status-codes";
 import { SubscriptionValidator } from "./subscription-schema";
 import { Database } from "../../database";
+import corsMiddleware from "../../middleware/cors-middleware";
 const subscriptionRouter = Router();
 // Create a new subscription
-subscriptionRouter.post("/", async (req, res, next) => {
+subscriptionRouter.post("/", corsMiddleware, async (req, res, next) => {
 try {
 // Validate the incoming user subscription
 const subscriptionData = SubscriptionValidator.parse(req.body);
diff --git a/yarn.lock b/yarn.lock index 33f43b2..8a6dd15 100644 --- a/yarn.lock +++ b/yarn.lock @@ -238,6 +238,13 @@ dependencies: "@types/node" "*" +"@types/cors@^2.8.17": + version "2.8.17" + resolved "https://registry.yarnpkg.com/@types/cors/-/cors-2.8.17.tgz#5d718a5e494a8166f569d986794e49c48b216b2b" + integrity sha512-8CGDvrBj1zgo2qE+oS3pOCyYNqCPryMWY2bGfwA0dcfopWGgxs+78df0Rs3rc9THP4JkOhLsAa+15VdpAqkcUA== + dependencies: + "@types/node" "*" + "@types/dotenv@^8.2.0": version "8.2.0" resolved "https://registry.npmjs.org/@types/dotenv/-/dotenv-8.2.0.tgz" @@ -807,6 +814,14 @@ core-js-pure@^3.30.2: resolved "https://registry.yarnpkg.com/core-js-pure/-/core-js-pure-3.36.1.tgz#1461c89e76116528b54eba20a0aff30164087a94" integrity sha512-NXCvHvSVYSrewP0L5OhltzXeWFJLo2AL2TYnj6iLV3Bw8mM62wAQMNgUCRI6EBu6hVVpbCxmOPlxh1Ikw2PfUA== +cors@^2.8.5: + version "2.8.5" + resolved "https://registry.yarnpkg.com/cors/-/cors-2.8.5.tgz#eac11da51592dd86b9f06f6e7ac293b3df875d29" + integrity sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g== + dependencies: + object-assign "^4" + vary "^1" + cross-spawn@^7.0.2: version "7.0.3" resolved "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz"
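Review bot: `corsMiddleware` is attached only to the POST handler in `subscription-router.ts`, so a browser's preflight `OPTIONS` request for this path never passes through it and comes back without any `Access-Control-Allow-*` headers. If the client posts a JSON body, which the `SubscriptionValidator.parse(req.body)` call suggests, the browser will block the POST unless CORS is also mounted at app level somewhere outside this diff. Register the middleware for preflight on this router as well, e.g. `subscriptionRouter.options("/", corsMiddleware);`, or mount it once with `subscriptionRouter.use(corsMiddleware);`. The handler body continues past the end of the hunk.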
@@ -2237,7 +2252,7 @@ oauth@0.10.x: resolved "https://registry.yarnpkg.com/oauth/-/oauth-0.10.0.tgz#3551c4c9b95c53ea437e1e21e46b649482339c58" integrity sha512-1orQ9MT1vHFGQxhuy7E/0gECD3fd2fCC+PIX+/jgmU/gI3EpRocXtmtvxCO5x3WZ443FLTLFWNDjl5MPJf9u+Q== -object-assign@^4.1.1: +object-assign@^4, object-assign@^4.1.1: version "4.1.1" resolved "https://registry.yarnpkg.com/object-assign/-/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863" integrity sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg== @@ -2996,7 +3011,7 @@ v8-compile-cache@^2.0.3: resolved "https://registry.yarnpkg.com/v8-compile-cache/-/v8-compile-cache-2.4.0.tgz#cdada8bec61e15865f05d097c5f4fd30e94dc128" integrity sha512-ocyWc3bAHBB/guyqJQVI5o4BZkPhznPYUG2ea80Gond/BgNWpap8TOmLSeeQG7bnh2KMISxskdADG59j7zruhw== -vary@~1.1.2: +vary@^1, vary@~1.1.2: version "1.1.2" resolved "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz" integrity sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==