diff --git a/common/behaviors/GsCors.php b/common/behaviors/GsCors.php
new file mode 100644
index 0000000..71e4b75
--- /dev/null
+++ b/common/behaviors/GsCors.php
@@ -0,0 +1,22 @@
+<?php
+
+
+namespace common\behaviors;
+
+
+use yii\filters\Cors;
+
+class GsCors extends Cors
+{
+
+    public function prepareHeaders($requestHeaders){
+        $responseHeaders = parent::prepareHeaders($requestHeaders);
+
+        if (isset($this->cors['Access-Control-Allow-Headers'])) {
+            $responseHeaders['Access-Control-Allow-Headers'] = implode(', ', $this->cors['Access-Control-Allow-Headers']);
+        }
+
+        return $responseHeaders;
+    }
+
+}
\ No newline at end of file
diff --git a/frontend/modules/api/controllers/SkillsController.php b/frontend/modules/api/controllers/SkillsController.php
index 40c8234..ebd7f18 100644
--- a/frontend/modules/api/controllers/SkillsController.php
+++ b/frontend/modules/api/controllers/SkillsController.php
@@ -2,6 +2,7 @@
 
 namespace frontend\modules\api\controllers;
 
+use common\behaviors\GsCors;
 use common\models\Options;
 use yii\filters\AccessControl;
 
@@ -16,6 +17,19 @@ class SkillsController extends \yii\rest\Controller
                     'application/json' => \yii\web\Response::FORMAT_JSON,
                 ],
             ],
+            'corsFilter' => [
+                'class' => GsCors::class,
+                'cors' => [
+                    'Origin' => ['*'],
+                    'Access-Control-Allow-Credentials' => true,
+                    'Access-Control-Allow-Headers' => [
+                        'Content-Type',
+                        'Access-Control-Allow-Headers',
+                        'Authorization',
+                        'X-Requested-With'
+                    ],
+                ]
+            ]
         ];
     }