diff --git a/src/express/middleware/index.js b/src/express/middleware/index.js
index 60272d8db..d5994cf4e 100644
--- a/src/express/middleware/index.js
+++ b/src/express/middleware/index.js
@@ -28,13 +28,14 @@ const middleware = (payload) => [
   },
   (req, res, next) => {
     if (payload.config.cors) {
-      if (payload.config.cors.indexOf(req.headers.origin) > -1) {
-        res.setHeader('Access-Control-Allow-Origin', req.headers.origin);
-        res.header('Access-Control-Allow-Methods', 'PUT, POST, GET, DELETE, OPTIONS');
-      }
+      res.header('Access-Control-Allow-Methods', 'PUT, POST, GET, DELETE, OPTIONS');
+      res.header('Access-Control-Allow-Headers', 'Origin X-Requested-With, Content-Type, Accept, Authorization');
 
-      res.header('Access-Control-Allow-Headers',
-        'Origin X-Requested-With, Content-Type, Accept, Authorization');
+      if (payload.config.cors === '*') {
+        res.setHeader('Access-Control-Allow-Origin', '*');
+      } else if (Array.isArray(payload.config.cors) && payload.config.cors.indexOf(req.headers.origin) > -1) {
+        res.setHeader('Access-Control-Allow-Origin', req.headers.origin);
+      }
     }
 
     next();