diff --git a/src/controllers/openid_controller.rs b/src/controllers/openid_controller.rs
index b3e0c1f..ebcf2e0 100644
--- a/src/controllers/openid_controller.rs
+++ b/src/controllers/openid_controller.rs
@@ -609,8 +609,9 @@ pub async fn token(
     };
 
     Ok(HttpResponse::Ok()
-        .append_header(("Cache-Control", "no-store"))
-        .append_header(("Pragam", "no-cache"))
+        .insert_header(("Cache-Control", "no-store"))
+        .insert_header(("Pragma", "no-cache"))
+        .insert_header(("access-control-allow-origin", "*"))
         .json(token_response))
 }