diff --git a/src/main/java/com/svlada/CustomCorsFilter.java b/src/main/java/com/svlada/CustomCorsFilter.java
new file mode 100644
index 0000000..2e2a19e
--- /dev/null
+++ b/src/main/java/com/svlada/CustomCorsFilter.java
@@ -0,0 +1,33 @@
+package com.svlada;
+
+import java.util.Arrays;
+
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
+
+/**
+ * CustomCorsFilter
+ * 
+ * @author vladimir.stankovic
+ *
+ * Aug 3, 2016
+ */
+public class CustomCorsFilter extends CorsFilter {
+
+    public CustomCorsFilter() {
+        super(configurationSource());
+    }
+
+    private static UrlBasedCorsConfigurationSource configurationSource() {
+        CorsConfiguration config = new CorsConfiguration();
+        config.setAllowCredentials(true);
+        config.addAllowedOrigin("*");
+        config.addAllowedHeader("*");
+        config.setMaxAge(36000L);
+        config.setAllowedMethods(Arrays.asList("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"));
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/api/**", config);
+        return source;
+    }
+}
\ No newline at end of file
diff --git a/src/main/java/com/svlada/security/config/WebSecurityConfig.java b/src/main/java/com/svlada/security/config/WebSecurityConfig.java
index c995282..7d71bb3 100644
--- a/src/main/java/com/svlada/security/config/WebSecurityConfig.java
+++ b/src/main/java/com/svlada/security/config/WebSecurityConfig.java
@@ -12,12 +12,12 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.svlada.CustomCorsFilter;
 import com.svlada.security.RestAuthenticationEntryPoint;
 import com.svlada.security.auth.ajax.AjaxAuthenticationProvider;
 import com.svlada.security.auth.ajax.AjaxLoginProcessingFilter;
@@ -100,6 +100,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
             .authorizeRequests()
                 .antMatchers(TOKEN_BASED_AUTH_ENTRY_POINT).authenticated() // Protected API End-points
         .and()
+            .addFilterBefore(new CustomCorsFilter(), UsernamePasswordAuthenticationFilter.class)
             .addFilterBefore(buildAjaxLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
             .addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(), UsernamePasswordAuthenticationFilter.class);
     }