diff --git a/apps/web/next.config.mjs b/apps/web/next.config.mjs
index 696f7346..959ac96c 100644
--- a/apps/web/next.config.mjs
+++ b/apps/web/next.config.mjs
@@ -19,23 +19,6 @@ const config = {
     locales: ['en'],
     defaultLocale: 'en',
   },
-  async headers() {
-    return [
-      {
-        source: '/api/sdk/:path*',
-        headers: [
-          { key: 'Access-Control-Allow-Credentials', value: 'true' },
-          { key: 'Access-Control-Allow-Origin', value: '*' },
-          { key: 'Access-Control-Allow-Methods', value: 'POST,PUT' },
-          // {
-          //   key: 'Access-Control-Allow-Headers',
-          //   value:
-          //     'X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version',
-          // },
-        ],
-      },
-    ];
-  },
 };
 
 export default config;
diff --git a/apps/web/src/_middleware.ts b/apps/web/src/_middleware.ts
deleted file mode 100644
index ac9dee59..00000000
--- a/apps/web/src/_middleware.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-export { default } from 'next-auth/middleware';
-
-export const config = { matcher: ['/dashboard'] };
diff --git a/apps/web/src/middleware.ts b/apps/web/src/middleware.ts
new file mode 100644
index 00000000..346243b1
--- /dev/null
+++ b/apps/web/src/middleware.ts
@@ -0,0 +1,24 @@
+import type { NextRequest } from 'next/server';
+import { NextResponse } from 'next/server';
+
+export const config = { matcher: ['/api/sdk/:path*'] };
+
+export const cors = {
+  'Access-Control-Allow-Origin': '*',
+  'Access-Control-Allow-Methods': 'POST, PUT, OPTIONS',
+  'Access-Control-Allow-Headers':
+    'Content-Type, Authorization, Mixan-Client-Id, Mixan-Client-Secret',
+};
+
+export function middleware(request: NextRequest) {
+  const response = NextResponse.next();
+
+  if (request.method === 'OPTIONS') {
+    return NextResponse.json({}, { headers: cors });
+  }
+
+  Object.entries(cors).forEach(([key, value]) => {
+    response.headers.append(key, value);
+  });
+  return response;
+}
diff --git a/apps/web/src/pages/api/sdk/events.ts b/apps/web/src/pages/api/sdk/events.ts
index 816ecdae..e3c4b687 100644
--- a/apps/web/src/pages/api/sdk/events.ts
+++ b/apps/web/src/pages/api/sdk/events.ts
@@ -10,6 +10,10 @@ interface Request extends NextApiRequest {
 }
 
 export default async function handler(req: Request, res: NextApiResponse) {
+  if (req.method == 'OPTIONS') {
+    return res.status(202).json({});
+  }
+
   if (req.method !== 'POST') {
     return handleError(res, createError(405, 'Method not allowed'));
   }
diff --git a/apps/web/src/pages/api/sdk/profiles/[profileId]/decrement.ts b/apps/web/src/pages/api/sdk/profiles/[profileId]/decrement.ts
index cc6f7416..211be453 100644
--- a/apps/web/src/pages/api/sdk/profiles/[profileId]/decrement.ts
+++ b/apps/web/src/pages/api/sdk/profiles/[profileId]/decrement.ts
@@ -10,6 +10,10 @@ interface Request extends NextApiRequest {
 }
 
 export default async function handler(req: Request, res: NextApiResponse) {
+  if (req.method == 'OPTIONS') {
+    return res.status(202).json({});
+  }
+
   if (req.method !== 'PUT') {
     return handleError(res, createError(405, 'Method not allowed'));
   }
diff --git a/apps/web/src/pages/api/sdk/profiles/[profileId]/increment.ts b/apps/web/src/pages/api/sdk/profiles/[profileId]/increment.ts
index 65c77ad1..665ae999 100644
--- a/apps/web/src/pages/api/sdk/profiles/[profileId]/increment.ts
+++ b/apps/web/src/pages/api/sdk/profiles/[profileId]/increment.ts
@@ -10,6 +10,10 @@ interface Request extends NextApiRequest {
 }
 
 export default async function handler(req: Request, res: NextApiResponse) {
+  if (req.method == 'OPTIONS') {
+    return res.status(202).json({});
+  }
+
   if (req.method !== 'PUT') {
     return handleError(res, createError(405, 'Method not allowed'));
   }
diff --git a/apps/web/src/pages/api/sdk/profiles/[profileId]/index.ts b/apps/web/src/pages/api/sdk/profiles/[profileId]/index.ts
index 0b052345..3ccff000 100644
--- a/apps/web/src/pages/api/sdk/profiles/[profileId]/index.ts
+++ b/apps/web/src/pages/api/sdk/profiles/[profileId]/index.ts
@@ -11,6 +11,10 @@ interface Request extends NextApiRequest {
 }
 
 export default async function handler(req: Request, res: NextApiResponse) {
+  if (req.method == 'OPTIONS') {
+    return res.status(202).json({});
+  }
+
   if (req.method !== 'PUT' && req.method !== 'POST') {
     return handleError(res, createError(405, 'Method not allowed'));
   }
diff --git a/apps/web/src/pages/api/sdk/profiles/index.ts b/apps/web/src/pages/api/sdk/profiles/index.ts
index 6276e836..7afcdbb5 100644
--- a/apps/web/src/pages/api/sdk/profiles/index.ts
+++ b/apps/web/src/pages/api/sdk/profiles/index.ts
@@ -12,6 +12,10 @@ interface Request extends NextApiRequest {
 }
 
 export default async function handler(req: Request, res: NextApiResponse) {
+  if (req.method == 'OPTIONS') {
+    return res.status(202).json({});
+  }
+
   if (req.method !== 'POST') {
     return handleError(res, createError(405, 'Method not allowed'));
   }