diff --git a/packages.sh b/packages.sh
index d0e3d00..1681040 100755
--- a/packages.sh
+++ b/packages.sh
@@ -1,5 +1,6 @@
 pip install django
+pip install django-cors-headers
 pip install djangorestframework
 pip install django-filter
 pip install django-rest-enumfield
diff --git a/portfolio/__pycache__/settings.cpython-36.pyc b/portfolio/__pycache__/settings.cpython-36.pyc
index 3b1f65d..f6723aa 100644
Binary files a/portfolio/__pycache__/settings.cpython-36.pyc and b/portfolio/__pycache__/settings.cpython-36.pyc differ
diff --git a/portfolio/settings.py b/portfolio/settings.py
index b1a4dde..24ceb33 100755
--- a/portfolio/settings.py
+++ b/portfolio/settings.py
@@ -11,6 +11,7 @@ https://docs.djangoproject.com/en/3.0/ref/settings/
 """
 import os
+from corsheaders.defaults import default_headers, default_methods
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
@@ -19,6 +20,30 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/3.0/howto/deployment/checklist/
+# SECURITY WARNING: CSRF Token for client used in production secret!
+CSRF_HEADER_NAME = 'HTTP_X_XSRF_TOKEN'
+CSRF_USE_SESSIONS = True
+
+# SECURITY WARNING: CORS Settings
+# CORS_ORIGIN_ALLOW_ALL = True
+CORS_ORIGIN_WHITELIST = [
+ "http://localhost:8000"
+]
+CSRF_TRUSTED_ORIGINS = [
+ 'localhost:8000'
+]
+CORS_ALLOW_HEADERS = list(default_headers) + [
+ 'authorization'
+ 'x-csrftoken',
+]
+CORS_ALLOW_METHODS = list(default_methods) + [
+ 'GET',
+ 'POST',
+ 'PUT',
+ 'PATCH',
+ 'DELETE'
+]
+
 # SECURITY WARNING: keep the secret key used in production secret!
 SECRET_KEY = 'm$*%jdbc!ig9@#9uga-z($v^f9jk_l($y*mrpzz^u@3fnr2q!a' 
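Review bot: The added `pip install django-cors-headers` carries no version, so every run of this script installs whatever release is current on the index, and the middleware that decides which origins may call the API can change without a commit. Pin it, for example `pip install django-cors-headers==<VERSION>` (placeholder), or move these lines into a requirements file installed with `pip install --require-hashes -r <requirements file>`. The neighbouring installs in this hunk are unpinned in the same way.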
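Review bot: In the added `CORS_ALLOW_HEADERS` list the entry `'authorization'` has no trailing comma, so Python joins it with the next literal into the single header name `'authorizationx-csrftoken'` and neither name is added as written. Both `authorization` and `x-csrftoken` are already part of django-cors-headers' `default_headers`, so those two keep working by accident, but the header this same hunk configures for CSRF (`CSRF_HEADER_NAME = 'HTTP_X_XSRF_TOKEN'`, i.e. `X-XSRF-TOKEN`) is not in the defaults and is not allowed here. If the browser client is meant to send that header cross-origin, the list should read `CORS_ALLOW_HEADERS = list(default_headers) + ['x-xsrf-token']`. The `CORS_ALLOW_METHODS` additions repeat verbs that `default_methods` already contains and can be dropped, and the comment on the CSRF block would be clearer as `# CSRF: token is read from the X-XSRF-TOKEN header and stored in the session`.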
@@ -38,6 +63,7 @@ INSTALLED_APPS = [
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'django_extensions',
+ 'corsheaders',
 'rest_framework',
 'drf_yasg',
 'rest_framework.authtoken',
@@ -52,6 +78,7 @@ INSTALLED_APPS = [
 MIDDLEWARE = [
 'django.middleware.security.SecurityMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
+ 'corsheaders.middleware.CorsMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
@@ -162,7 +189,7 @@ SWAGGER_SETTINGS = {
 # UML options
-# GRAPH_MODELS = {
-# 'all_applications': True,
-# 'group_models': True,
-# }
\ No newline at end of file
+GRAPH_MODELS = {
+ 'all_applications': True,
+ 'group_models': True,
+}
\ No newline at end of file