diff --git a/app/Console/Commands/AcidInstall.php b/app/Console/Commands/AcidInstall.php
index 5006c1f..ae02750 100644
--- a/app/Console/Commands/AcidInstall.php
+++ b/app/Console/Commands/AcidInstall.php
@@ -48,6 +48,7 @@ public function handle()
             }
     
             $this->call('passport:install', ['--force']);
+            $this->call('vendor:publish', ['--tag="cors"']);
         } catch (\Exception $ex) {
             $this->error($ex->getMessage());
         }
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index d3ed766..8039090 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -19,7 +19,7 @@ class Kernel extends HttpKernel
         \App\Http\Middleware\TrimStrings::class,
         \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
         \App\Http\Middleware\TrustProxies::class,
-        \Barryvdh\Cors\HandleCors::class,
+        \Fruitcake\Cors\HandleCors::class,
     ];
 
     /**
diff --git a/config/cors.php b/config/cors.php
index 687a39d..5e36d1a 100644
--- a/config/cors.php
+++ b/config/cors.php
@@ -4,20 +4,57 @@
 
     /*
     |--------------------------------------------------------------------------
-    | Laravel CORS
+    | Laravel CORS Options
     |--------------------------------------------------------------------------
     |
-    | allowedOrigins, allowedHeaders and allowedMethods can be set to array('*')
-    | to accept any value.
+    | The allowed_methods and allowed_headers options are case-insensitive.
+    |
+    | You don't need to provide both allowed_origins and allowed_origins_patterns.
+    | If one of the strings passed matches, it is considered a valid origin.
+    |
+    | If array('*') is provided to allowed_methods, allowed_origins or allowed_headers
+    | all methods / origins / headers are allowed.
     |
     */
-   
-    'supportsCredentials' => false,
-    'allowedOrigins' => ['*'],
-    'allowedOriginsPatterns' => ['*'],
-    'allowedHeaders' => ['*'],
-    'allowedMethods' => ['*'],
-    'exposedHeaders' => [],
-    'maxAge' => 0,
 
+    /*
+     * You can enable CORS for 1 or multiple paths.
+     * Example: ['api/*']
+     */
+    'paths' => ['api/*'],
+
+    /*
+    * Matches the request method. `[*]` allows all methods.
+    */
+    'allowed_methods' => ['*'],
+
+    /*
+     * Matches the request origin. `[*]` allows all origins. Wildcards can be used, eg `*.mydomain.com`
+     */
+    'allowed_origins' => ['*'],
+
+    /*
+     * Patterns that can be used with `preg_match` to match the origin.
+     */
+    'allowed_origins_patterns' => [],
+
+    /*
+     * Sets the Access-Control-Allow-Headers response header. `[*]` allows all headers.
+     */
+    'allowed_headers' => ['*'],
+
+    /*
+     * Sets the Access-Control-Expose-Headers response header with these headers.
+     */
+    'exposed_headers' => [],
+
+    /*
+     * Sets the Access-Control-Max-Age response header when > 0.
+     */
+    'max_age' => 0,
+
+    /*
+     * Sets the Access-Control-Allow-Credentials header.
+     */
+    'supports_credentials' => false,
 ];