diff --git a/main.py b/main.py
index 9079922..c102c24 100644
--- a/main.py
+++ b/main.py
@@ -1,5 +1,6 @@
 from fastapi import FastAPI
 from fastapi.responses import JSONResponse
+from fastapi.middleware.cors import CORSMiddleware  # CORS
 
 from datetime import datetime
 from uuid import uuid4
@@ -8,7 +9,7 @@ import sqlite3
 
 # use database residing here
 DB_LOCATION = (
-    "../testbox/photovoter.dblite"  # Q: any allowances for this being not OUR database?
+    "db/photovoter.dblite"  # Q: any allowances for this being not OUR database?
 )
 
 app = FastAPI()
@@ -16,6 +17,18 @@ con = sqlite3.connect(DB_LOCATION)
 con.row_factory = sqlite3.Row
 cur = con.cursor()  # NB! single is enough for now, we might require multiple later
 
+origins = [ # CORS
+    "*",
+]
+
+app.add_middleware(  # CORS
+    CORSMiddleware,
+    allow_origins=origins,
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
 
 @app.get("/new_session", responses={503: {"description": "Unable to initiate session"}})
 async def new_session():