diff --git a/BTCPayServer/Controllers/InvoiceController.UI.cs b/BTCPayServer/Controllers/InvoiceController.UI.cs
index bdaceaf50..303c4fd76 100644
--- a/BTCPayServer/Controllers/InvoiceController.UI.cs
+++ b/BTCPayServer/Controllers/InvoiceController.UI.cs
@@ -3,6 +3,7 @@ using BTCPayServer.Filters;
 using BTCPayServer.Models.InvoicingModels;
 using BTCPayServer.Servcices.Invoices;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Rendering;
 using NBitcoin;
@@ -149,6 +150,7 @@ namespace BTCPayServer.Controllers
 
 		[HttpGet]
 		[Route("i/{invoiceId}/status")]
+		[DisableCors]
 		public async Task<IActionResult> GetStatus(string invoiceId)
 		{
 			var invoice = await _InvoiceRepository.GetInvoice(null, invoiceId);
@@ -159,6 +161,7 @@ namespace BTCPayServer.Controllers
 
 		[HttpPost]
 		[Route("i/{invoiceId}/UpdateCustomer")]
+		[DisableCors]
 		public async Task<IActionResult> UpdateCustomer(string invoiceId, [FromBody]UpdateCustomerModel data)
 		{
 			if(!ModelState.IsValid)
diff --git a/BTCPayServer/Hosting/Startup.cs b/BTCPayServer/Hosting/Startup.cs
index cda88faf8..fdef043f9 100644
--- a/BTCPayServer/Hosting/Startup.cs
+++ b/BTCPayServer/Hosting/Startup.cs
@@ -106,6 +106,7 @@ namespace BTCPayServer.Hosting
 		   }));
 
 			services.AddHangfire(configuration);
+			services.AddCors();
 
 			services.Configure<IOptions<ApplicationInsightsServiceOptions>>(o =>
 			{
@@ -134,7 +135,10 @@ namespace BTCPayServer.Hosting
 			app.UsePayServer();
 			app.UseStaticFiles();
 			app.UseAuthentication();
-
+			app.UseCors(b =>
+			{
+				b.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod();
+			});
 			app.UseHangfireServer();
 			app.UseHangfireDashboard("/hangfire", new DashboardOptions() { Authorization = new[] { new NeedRole(Roles.ServerAdmin) } });
 			app.UseMvc(routes =>