diff --git a/server/wfnews-api/wfnews-api-rest-endpoints/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/endpoints/SituationReportEndpoint.java b/server/wfnews-api/wfnews-api-rest-endpoints/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/endpoints/SituationReportEndpoint.java
index e80a9445a4..035eb31126 100644
--- a/server/wfnews-api/wfnews-api-rest-endpoints/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/endpoints/SituationReportEndpoint.java
+++ b/server/wfnews-api/wfnews-api-rest-endpoints/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/endpoints/SituationReportEndpoint.java
@@ -37,6 +37,7 @@
 
 @Path("/situationReport")
 @Api(value = "SituationReportEndpoint", authorizations = { @Authorization(value = "Webade-OAUTH2", scopes = { @AuthorizationScope(scope = Scopes.GET_TOPLEVEL, description = "") }) })
+@CrossOrigin(origins = "*", allowedHeaders = "*", methods = {RequestMethod.GET, RequestMethod.OPTIONS, RequestMethod.HEAD, RequestMethod.PUT, RequestMethod.POST, RequestMethod.DELETE}, allowCredentials = "true")
 public interface SituationReportEndpoint extends BaseEndpoints {
   @ApiOperation(value = "Add a Sitation Report Resource", response = SituationReportResource.class, notes = "Add a Situation Report", authorizations = { @Authorization(value = "Webade-OAUTH2", scopes = { @AuthorizationScope(scope = Scopes.CREATE_PUBLISHED_INCIDENT, description = "") }) }, extensions = {@Extension(properties = {@ExtensionProperty(name = "auth-type", value = "#{wso2.x-auth-type.app_and_app_user}"), @ExtensionProperty(name = "throttling-tier", value = "Unlimited") })})
 	@ApiImplicitParams({
diff --git a/server/wfnews-api/wfnews-api-rest-endpoints/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/spring/SecuritySpringConfig.java b/server/wfnews-api/wfnews-api-rest-endpoints/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/spring/SecuritySpringConfig.java
index 6ac25396e3..8630b9f2e7 100644
--- a/server/wfnews-api/wfnews-api-rest-endpoints/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/spring/SecuritySpringConfig.java
+++ b/server/wfnews-api/wfnews-api-rest-endpoints/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/spring/SecuritySpringConfig.java
@@ -142,7 +142,7 @@ public CorsConfigurationSource corsConfigurationSource() {
 
     configuration.setAllowedOrigins(Collections.unmodifiableList(Arrays.asList("*")));
     configuration.setAllowedMethods(Collections.unmodifiableList(Arrays.asList("HEAD", "GET", "POST", "DELETE", "PUT", "OPTIONS")));
-    // configuration.setAllowCredentials(true);
+    configuration.setAllowCredentials(true);
     configuration.setAllowedHeaders(Collections.unmodifiableList(Arrays.asList("*")));
 
     final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();