diff --git a/package.json b/package.json
index 5a7b297..0918f52 100644
--- a/package.json
+++ b/package.json
@@ -47,4 +47,4 @@
       "last 1 safari version"
     ]
   }
-}
\ No newline at end of file
+}
diff --git a/serverless/functions/check-verify.js b/serverless/functions/check-verify.js
index fcb1a40..6d6c2b5 100644
--- a/serverless/functions/check-verify.js
+++ b/serverless/functions/check-verify.js
@@ -21,9 +21,9 @@ exports.handler = function(context, event, callback) {
   response.appendHeader('Content-Type', 'application/json');
   
   // uncomment to support CORS
-  // response.appendHeader('Access-Control-Allow-Origin', '*');
-  // response.appendHeader('Access-Control-Allow-Methods', 'POST, OPTIONS');
-  // response.appendHeader('Access-Control-Allow-Headers', 'Content-Type');
+  response.appendHeader('Access-Control-Allow-Origin', '*');
+  response.appendHeader('Access-Control-Allow-Methods', 'POST, OPTIONS');
+  response.appendHeader('Access-Control-Allow-Headers', 'Content-Type');
 
   if (typeof event.to === 'undefined' ||
       typeof event.verification_code === 'undefined') {
diff --git a/serverless/functions/start-verify.js b/serverless/functions/start-verify.js
index cbc3296..58ed9d0 100644
--- a/serverless/functions/start-verify.js
+++ b/serverless/functions/start-verify.js
@@ -24,9 +24,9 @@ exports.handler = function(context, event, callback) {
   response.appendHeader('Content-Type', 'application/json');
   
   // uncomment to support CORS
-  // response.appendHeader('Access-Control-Allow-Origin', '*');
-  // response.appendHeader('Access-Control-Allow-Methods', 'POST, OPTIONS');
-  // response.appendHeader('Access-Control-Allow-Headers', 'Content-Type');
+  response.appendHeader('Access-Control-Allow-Origin', '*');
+  response.appendHeader('Access-Control-Allow-Methods', 'POST, OPTIONS');
+  response.appendHeader('Access-Control-Allow-Headers', 'Content-Type');
 
   if (typeof event.to === 'undefined') {
     response.setBody({