diff --git a/csp/settings.py b/csp/settings.py
index eeaff514b..5ec25ae2c 100644
--- a/csp/settings.py
+++ b/csp/settings.py
@@ -204,17 +204,21 @@
 CORS_REPLACE_HTTPS_REFERER = True
 # Use only to restrict to specific servers/domains
 
-# CORS_ORIGIN_WHITELIST = (
-#     'stanford-qa.com',
-# )
+CORS_ORIGIN_WHITELIST = (
+    # 'stanford-qa.com',
+    'forum.daemo.org',
+)
+
+CORS_URLS_REGEX = r'^/(api/done|v1/user/activity)/*$'
 
-CORS_URLS_REGEX = r'^/api/done/*$'
 CORS_ALLOW_METHODS = (
     'GET',
     'POST',
     'OPTIONS'
 )
 
+CORS_ALLOW_CREDENTIALS = True
+
 HALF_OFF = True
 NON_PROFIT_EMAILS = ['.edu', '.org']