diff --git a/TheBenchBackend/theBenchBackend/theBenchBackend/settings.py b/TheBenchBackend/theBenchBackend/theBenchBackend/settings.py
index 0a718d1..ca96ba0 100644
--- a/TheBenchBackend/theBenchBackend/theBenchBackend/settings.py
+++ b/TheBenchBackend/theBenchBackend/theBenchBackend/settings.py
@@ -31,6 +31,7 @@
 # Application definition
 
 INSTALLED_APPS = [
+    'corsheaders',
     'django.contrib.admin',
     'django.contrib.auth',
     'django.contrib.contenttypes',
@@ -46,14 +47,23 @@
 
 MIDDLEWARE = [
     'django.middleware.security.SecurityMiddleware',
+    'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
+    'corsheaders.middleware.CorsMiddleware',
     'django.middleware.common.CommonMiddleware',
-    'django.middleware.csrf.CsrfViewMiddleware',
-    'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
 ]
 
+CORS_ORIGIN_WHITELIST = [
+    'http://localhost:3000',
+    'https://localhost:3000',
+    'http://127.0.0.1:3000',
+    'https://127.0.0.1:3000',
+    ]
+
+CORS_ALLOW_CREDENTIALS = True
+
 ROOT_URLCONF = 'theBenchBackend.urls'
 
 TEMPLATES = [
diff --git a/TheBenchBackend/theBenchBackend/theBenchBackend/urls.py b/TheBenchBackend/theBenchBackend/theBenchBackend/urls.py
index 4391cdc..dcd6362 100644
--- a/TheBenchBackend/theBenchBackend/theBenchBackend/urls.py
+++ b/TheBenchBackend/theBenchBackend/theBenchBackend/urls.py
@@ -16,10 +16,9 @@
 from django.contrib import admin
 from django.urls import path
 
-from django.views.decorators.csrf import csrf_exempt
 from graphene_django.views import GraphQLView
 
 urlpatterns = [
     path('admin/', admin.site.urls),
-    path('graphql/', csrf_exempt(GraphQLView.as_view(graphiql=True))),
+    path('graphql/', GraphQLView.as_view(graphiql=True)),
 ]