diff --git a/integrations/github.js b/integrations/github.js
index 18a78d9..d3a371f 100644
--- a/integrations/github.js
+++ b/integrations/github.js
@@ -2,6 +2,7 @@ const util = require('util');
 const fetch = require('node-fetch');
 const session = require('express-session');
 const grant = require('grant-express');
+const cors = require('cors');
 const amountFromLabels = require('./utils/amount-from-labels');
 const kindFromLabels = require('./utils/kind-from-labels');
 
@@ -192,15 +193,6 @@ module.exports = async function(robot, kredits) {
       }
     };
 
-    const allowCORS = function (req, res, next) {
-      res.setHeader('Access-Control-Allow-Origin', '*');
-      res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
-      res.setHeader('Access-Control-Allow-Headers', 'Origin, Content-Type, Accept');
-      res.setHeader('Access-Control-Expose-Headers', 'ETag, Content-Length');
-      next();
-    };
-    robot.router.use(allowCORS);
-
     robot.router.use(session({secret: 'grant'}));
     robot.router.use('/kredits/signup', grant(grantConfig));
 
@@ -211,11 +203,9 @@ module.exports = async function(robot, kredits) {
       res.redirect(`${kreditsWebUrl}/signup/github#access_token=${access_token}`);
     });
 
-    robot.router.options('/kredits/signup/github', async (req, res) => {
-      res.status(200).json({});
-    });
+    robot.router.options('/kredits/signup/github', cors());
 
-    robot.router.post('/kredits/signup/github', async (req, res) => {
+    robot.router.post('/kredits/signup/github', cors(), async (req, res) => {
       const accessToken = req.body.accessToken;
       if (!accessToken) {
         res.status(400).json({});
diff --git a/package-lock.json b/package-lock.json
index 5881404..d0ca77b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -571,6 +571,22 @@
       "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
       "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac="
     },
+    "cors": {
+      "version": "2.8.5",
+      "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz",
+      "integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==",
+      "requires": {
+        "object-assign": "^4",
+        "vary": "^1"
+      },
+      "dependencies": {
+        "object-assign": {
+          "version": "4.1.1",
+          "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
+          "integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM="
+        }
+      }
+    },
     "create-hash": {
       "version": "1.2.0",
       "resolved": "https://registry.npmjs.org/create-hash/-/create-hash-1.2.0.tgz",
diff --git a/package.json b/package.json
index 71fcc61..a80060b 100644
--- a/package.json
+++ b/package.json
@@ -10,6 +10,7 @@
     "create-wallet": "scripts/create-wallet.js"
   },
   "dependencies": {
+    "cors": "^2.8.5",
     "eth-provider": "^0.2.2",
     "ethers": "^4.0.27",
     "express": "^4.17.1",