diff --git a/bereal/server.py b/bereal/server.py
index 77e6fa1..7e0d191 100644
--- a/bereal/server.py
+++ b/bereal/server.py
@@ -41,7 +41,7 @@
     CORS(app)
 else:
     logger.info("Enabling CORS for production")
-    CORS(app, resources={r"/*": {"origins": "https://bereal.michaeldemar.co"}})
+    CORS(app, resources={r"/*": {"origins": "https://*.michaeldemar.co"}}, supports_credentials=True)
 
 basedir = os.path.abspath(os.path.dirname(__file__))
 app.config["SQLALCHEMY_DATABASE_URI"] = f'sqlite:///{os.path.join(basedir, "tokens.db")}'
@@ -260,4 +260,4 @@ def scheduled_task():
 
     logger.info("Starting BeReal server on %s:%d...", host, port)
 
-    app.run(host=host, port=port, debug=(os.getenv("FLASK_ENV") or "production") == "development")
+    app.run(host=host, port=port, debug=FLASK_ENV == "development")
diff --git a/client/src/components/Form.tsx b/client/src/components/Form.tsx
index a8ff764..bfb2f20 100644
--- a/client/src/components/Form.tsx
+++ b/client/src/components/Form.tsx
@@ -2,11 +2,13 @@ import axios from "axios";
 import React, { useEffect, useState } from "react";
 import { toast } from "react-toastify";
 
+axios.defaults.withCredentials = true;
+
 type Stage = "phoneInput" | "otpInput" | "settings" | "videoDisplay";
 
 const IS_PRODUCTION = process.env.NODE_ENV === "production";
 const BASE_URL = IS_PRODUCTION
-  ? "https://bereal-api.michaeldemar.co"
+  ? "https://api.bereal.michaeldemar.co"
   : "http://localhost:5000";
 
 const Footer: React.FC = () => {