diff --git a/config/cors.config.js b/config/cors.config.js
new file mode 100644
index 0000000..99b0156
--- /dev/null
+++ b/config/cors.config.js
@@ -0,0 +1,26 @@
+const cors = require('cors');
+module.exports.cors = cors;
+
+const allowList = [
+ 'http://127.0.0.1:4200',
+ 'http://127.0.0.1:4201',
+ 'https://admin-polynotfound.herokuapp.com/',
+ 'https://polynotfound.herokuapp.com/'
+];
+
+const corsOptionsDelegate = function(req, callback) {
+ let corsOptions;
+ if (allowList.indexOf(req.header('Origin')) !== -1) {
+ corsOptions = {
+ origin: true,
+ credentials: true
+ }
+ } else {
+ corsOptions = {
+ origin: false,
+ credentials: true
+ }
+ }
+ callback(null, corsOptions)
+}
+module.exports.options = corsOptionsDelegate;
\ No newline at end of file
diff --git a/routes/user.routes.js b/routes/user.routes.js
index 346cb04..4d62364 100644
--- a/routes/user.routes.js
+++ b/routes/user.routes.js
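Review bot: The two Heroku entries in `allowList` end with `/`, but a browser's `Origin` header carries only scheme, host and port with no trailing slash, so the exact-match `allowList.indexOf(req.header('Origin'))` can never succeed for them and the deployed front-ends always land in the `origin: false` branch. Write them as `'https://admin-polynotfound.herokuapp.com',` and `'https://polynotfound.herokuapp.com'`. It is also worth a comment above `corsOptionsDelegate`, for example `// origin: false only omits the CORS response headers; the route handler still runs, so authorization must not depend on this list`. As far as the cors package documents it, `origin: false` disables CORS for the request, so the `credentials: true` in the else branch looks inert and could be dropped to avoid suggesting otherwise.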
@@ -1,42 +1,43 @@ const users = require("../controllers/user.controller"); +const {cors, options} = require("../config/cors.config"); module.exports = app => { let router = require("express").Router(); // Authenticate a User - router.post("/user/auth", users.auth); + router.post("/user/auth", cors(options), users.auth); // Logout a User - router.delete("/user/logout", users.logout); + router.delete("/user/logout", cors(options), users.logout); // Request password reset with email - router.post("/user/resetPass", users.resetPass); + router.post("/user/resetPass", cors(options), users.resetPass); // Create and Save a new User - router.post("/user/create", users.create); + router.post("/user/create", cors(options), users.create); // Retrieve all Users if admin - router.get("/user/findAll", users.findAll); + router.get("/user/findAll", cors(options), users.findAll); // Find single User from id if admin or session id - router.get("/user/findOne/:id", users.findOne); + router.get("/user/findOne/:id", cors(options), users.findOne); // Update a User from id if admin or session id - router.put("/user/update/:id", users.update); + router.put("/user/update/:id", cors(options), users.update); // Delete a User from id if admin or session id - router.delete("/user/delete/:id", users.delete); + router.delete("/user/delete/:id", cors(options), users.delete); // Delete all Users if superAdmin - router.delete("/user/deleteAll", users.deleteAll); + router.delete("/user/deleteAll", cors(options), users.deleteAll); // Get all Roles depending on the User session id - router.get("/user/roles", users.roles); + router.get("/user/roles", cors(options), users.roles); // Get 1 or multiple ad adapted to the User session id - router.get("/user/ad", users.ad); + router.get("/user/ad", cors(options), users.ad); // Get History - router.get("/user/history", users.history); + router.get("/user/history", cors(options), users.history); app.use('/api', router); }; 
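Review bot: `cors(options)` is attached only to the `get`/`post`/`put`/`delete` handlers, so the preflight `OPTIONS` request a browser sends before a credentialed `DELETE`, `PUT` or JSON `POST` has no CORS middleware on these paths once the global `app.use(cors(...))` is removed from server.js. Unless an `OPTIONS` handler is registered somewhere not visible in this diff, those calls from the allow-listed front-ends will fail preflight. Registering the middleware once with `router.use(cors(options));` right after the router is created covers `OPTIONS` as well and removes the twelve repeated arguments. Any other routers mounted by the app would likewise lose their CORS headers with the server.js removal, so they need the same treatment if they exist.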
diff --git a/server.js b/server.js index 0dd8921..c17846b 100644 --- a/server.js +++ b/server.js @@ -9,17 +9,6 @@ const bodyParser = require('body-parser'); app.use(bodyParser.urlencoded({extended:true})); app.use(bodyParser.json()); -const cors = require('cors'); -app.use(cors({ - origin: [ - 'http://127.0.0.1:4200', - 'http://127.0.0.1:4201', - 'https://admin-polynotfound.herokuapp.com/', - 'https://polynotfound.herokuapp.com/' - ], - credentials: true -})); - const db = require("./models/mongodb.model"); console.log("Db Url: ",db.url); db.mongoose