diff --git a/docker/nginx/conf.d/client.conf b/docker/nginx/conf.d/client.conf index 0a922497..d67b07bf 100644 --- a/docker/nginx/conf.d/client.conf +++ b/docker/nginx/conf.d/client.conf @@ -42,10 +42,14 @@ server { client_max_body_size 128k; location / { + include /etc/nginx/conf.d/include/cors; + root /var/www/webportal; } location /blacklist { + include /etc/nginx/conf.d/include/cors; + proxy_cache skynet; proxy_cache_valid any 1m; # cache blacklist for 1 minute proxy_set_header Access-Control-Allow-Origin: *; @@ -54,6 +58,8 @@ server { } location /portals { + include /etc/nginx/conf.d/include/cors; + proxy_cache skynet; proxy_cache_valid any 1m; # cache portals for 1 minute proxy_set_header Access-Control-Allow-Origin: *; @@ -62,6 +68,8 @@ server { } location /stats { + include /etc/nginx/conf.d/include/cors; + proxy_cache skynet; proxy_cache_valid any 1m; # cache stats for 1 minute proxy_set_header Access-Control-Allow-Origin: *; @@ -70,6 +78,8 @@ server { } location /statsdown { + include /etc/nginx/conf.d/include/cors; + proxy_cache skynet; proxy_cache_valid any 1m; # cache stats for 1 minute proxy_set_header Access-Control-Allow-Origin: *; @@ -78,21 +88,29 @@ server { } location /health-check { + include /etc/nginx/conf.d/include/cors; + proxy_set_header Access-Control-Allow-Origin: *; proxy_pass http://health-check:3100; } location /hns { + include /etc/nginx/conf.d/include/cors; + proxy_set_header Access-Control-Allow-Origin: *; proxy_pass http://handshake-api:3100; } location /hnsres { + include /etc/nginx/conf.d/include/cors; + proxy_set_header Access-Control-Allow-Origin: *; proxy_pass http://handshake-api:3100; } location /skynet/skyfile { + include /etc/nginx/conf.d/include/cors; + limit_conn uploads_by_ip 10; # ddos protection: max 10 uploads at a time client_max_body_size 1000M; # make sure to limit the size of upload to a sane value proxy_read_timeout 600; 
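Review bot: The context lines `proxy_set_header Access-Control-Allow-Origin: *;` left in the /blacklist hunk (and in the /portals, /stats, /statsdown, /health-check, /hns and /hnsres hunks) have no CORS effect and should be deleted in this commit. `proxy_set_header` adds a field to the request sent upstream, not to the response the browser sees, and the name here also carries a stray colon. Now that the include supplies the response headers, keeping these lines invites someone to mistake them for the CORS policy later. The server block and several of the location bodies start or end outside the hunks, so there may be further copies that are not visible here.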
@@ -135,6 +153,8 @@ server { } location ~ "/skynet/skyfile/(.+)" { + include /etc/nginx/conf.d/include/cors; + limit_conn uploads_by_ip 10; # ddos protection: max 10 uploads at a time client_max_body_size 1000M; # make sure to limit the size of upload to a sane value proxy_read_timeout 600; @@ -152,6 +172,8 @@ server { } location ~ "^/([a-zA-Z0-9-_]{46}(/.*)?)$" { + include /etc/nginx/conf.d/include/cors; + limit_conn downloads_by_ip 100; # ddos protection: max 100 downloads at a time # we need to explicitly use set directive here because $1 will contain the skylink with @@ -176,6 +198,8 @@ server { } location ~ "^/file/([a-zA-Z0-9-_]{46}(/.*)?)$" { + include /etc/nginx/conf.d/include/cors; + limit_conn downloads_by_ip 100; # ddos protection: max 100 downloads at a time # we need to explicitly use set directive here because $1 will contain the skylink with diff --git a/docker/nginx/conf.d/include/cors b/docker/nginx/conf.d/include/cors new file mode 100644 index 00000000..33bd2050 --- /dev/null +++ b/docker/nginx/conf.d/include/cors 
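Review bot: Because the include puts `add_header` inside `if` blocks, nginx no longer inherits any `add_header` set at the location or server level for GET, POST and OPTIONS requests in these locations; inheritance happens only when the current level defines none. The bodies of the skylink locations continue outside the hunks, so it is not visible whether they or the server block set headers of their own (security or caching headers, for example). If they do, those headers silently disappear from responses after this change. I would compare the response headers of one download URL before and after, and record the constraint above each include, e.g. `# add_header inside this include replaces add_header from outer levels`.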
@@ -0,0 +1,27 @@
+if ($request_method = 'OPTIONS') {
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+ #
+ # Custom headers and headers various browsers *should* be OK with but aren't
+ #
+ add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+ #
+ # Tell client that this pre-flight info is valid for 20 days
+ #
+ add_header 'Access-Control-Max-Age' 1728000;
+ add_header 'Content-Type' 'text/plain; charset=utf-8';
+ add_header 'Content-Length' 0;
+ return 204;
+}
+if ($request_method = 'POST') {
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+ add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+ add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+}
+if ($request_method = 'GET') {
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+ add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+ add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+}
\ No newline at end of file
diff --git a/setup-scripts/setup-docker-services.sh b/setup-scripts/setup-docker-services.sh
index 26cd6c95..92525f07 100755
--- a/setup-scripts/setup-docker-services.sh
+++ b/setup-scripts/setup-docker-services.sh
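Review bot: The `add_header` lines in the GET and POST blocks of docker/nginx/conf.d/include/cors lack the `always` parameter, so nginx emits them only on 2xx/3xx responses and a browser client gets an opaque CORS failure instead of the error body when an upload or download fails. The two blocks are identical, so they can become unconditional directives at the include's top level, which also covers HEAD, leaving only the pre-flight inside an `if`. In the OPTIONS block `add_header 'Content-Length' 0;` should go, since a 204 response is not supposed to carry Content-Length. The wildcard origin now also covers the upload locations, which is acceptable only while none of these endpoints relies on cookies or network position for authorization.

```nginx
# … unchanged: OPTIONS pre-flight block, minus the Content-Length line …

# Sent for every method; `always` keeps the headers on 4xx/5xx responses too.
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
```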
@@ -24,7 +24,7 @@ docker-compose --version # sanity check # CLOUDFLARE_AUTH_TOKEN - cloudflare auth token for ssl generation (just for siasky.net) if ! [ -f /home/user/skynet-webportal/.env ]; then HSD_API_KEY=$(openssl rand -base64 32) # generate safe random key for handshake - printf "DOMAIN_NAME=example.com\nEMAIL_ADDRESS=email@example.com\nSIA_API_AUTHORIZATION=\nCLOUDFLARE_AUTH_TOKEN=\nHSD_API_KEY=${HSD_API_KEY}\n" > /home/user/skynet-webportal/.env + printf "DOMAIN_NAME=example.com\nEMAIL_ADDRESS=email@example.com\nSIA_API_AUTHORIZATION=\nCLOUDFLARE_AUTH_TOKEN=\nHSD_API_KEY=${HSD_API_KEY}\nAWS_ACCESS_KEY_ID=\nAWS_SECRET_ACCESS_KEY=\n" > /home/user/skynet-webportal/.env fi # Start docker container with nginx and client
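Review bot: The generated `.env` is created with the shell's default umask, and this change makes it the file that will hold `AWS_SECRET_ACCESS_KEY` next to `HSD_API_KEY`; with a common umask of 022 it is readable by every local user. I would add `chmod 600 /home/user/skynet-webportal/.env` right after the `printf`, or set `umask 077` before it. As a point of style, the key is interpolated into the `printf` format string; passing it as an argument (`HSD_API_KEY=%s\n` with `"$HSD_API_KEY"`) avoids surprises if the value ever contains `%` or a backslash.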