diff --git a/src/rc3platform/settings/default.py b/src/rc3platform/settings/default.py
index 97c7587b3b10f35edbec4c9003cb5252e17caadd..4132f44264fe529d67eb8844e0ebcaea3486b4eb 100644
--- a/src/rc3platform/settings/default.py
+++ b/src/rc3platform/settings/default.py
@@ -71,11 +71,14 @@ if IS_BACKOFFICE:
 if IS_API or IS_BACKOFFICE:
     INSTALLED_APPS += ['corsheaders']  # noqa: F405
     # insert CORS middleware before Django's CommonMiddleware
-    MIDDLEWARE.insert(max(MIDDLEWARE.index('django.middleware.common.CommonMiddleware'), 0), 'corsheaders.middleware.CorsMiddleware')  # noqa: F405
+    MIDDLEWARE.insert(0, 'corsheaders.middleware.CorsMiddleware')  # noqa: F405
 
     # CORS spec
+    CORS_ALLOWED_ORIGINS = [
+        'https://visit.at.rc3.world',
+    ]
     CORS_ALLOWED_ORIGIN_REGEXES = [
-        r'^https://([\w\d-]+\.)*rc3.world$',
+        r'^https:\/\/([\w\d-]+\.)*rc3\.world$',
     ]
     CORS_URLS_REGEX = r'^/api/.*$'
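Review bot: The pattern kept in `CORS_ALLOWED_ORIGIN_REGEXES` still trusts every subdomain of rc3.world at any depth, so the new `CORS_ALLOWED_ORIGINS` entry `https://visit.at.rc3.world` is already matched by it and changes nothing on its own. If only known front-ends should call `/api/`, list them explicitly and drop the regex. If the wildcard is intended, say so in a comment: any host under that domain can then read API responses cross-origin, and with cookies too if credentialed CORS is enabled elsewhere in the settings (not visible in this hunk). The character class can also be narrowed, since `\w` already covers digits and additionally admits underscore and non-ASCII word characters, and `/` needs no escaping in Python: `r'^https://([a-z0-9-]+\.)*rc3\.world$'`. Separately, the comment above `MIDDLEWARE.insert(0, ...)` still describes the old placement; something like `# CORS middleware must run first so its headers are added to every response` would match the new code.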