diff --git a/apps/faf-user-service/templates/ingress.yaml b/apps/faf-user-service/templates/ingress.yaml
index eb6236b5..343015bc 100644
--- a/apps/faf-user-service/templates/ingress.yaml
+++ b/apps/faf-user-service/templates/ingress.yaml
@@ -1,3 +1,25 @@
+{{- if .Values.cors.enabled }}
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: faf-user-service-cors
+spec:
+  headers:
+    accessControlAllowMethods:
+      - "GET"
+      - "POST"
+      - "OPTIONS"
+    accessControlAllowHeaders:
+      - "Content-Type"
+      - "Authorization"
+      - "X-HMAC"
+    accessControlAllowOriginListRegex:
+      {{- toYaml .Values.cors.allowOriginListRegex | nindent 6 }}
+    accessControlAllowCredentials: true
+    accessControlMaxAge: 600
+    addVaryHeader: true
+---
+{{- end }}
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
@@ -11,3 +33,7 @@ spec:
       services:
         - name: faf-user-service
           port: 8080
+      {{- if .Values.cors.enabled }}
+      middlewares:
+        - name: faf-user-service-cors
+      {{- end }}
diff --git a/apps/faf-user-service/values-test.yaml b/apps/faf-user-service/values-test.yaml
new file mode 100644
index 00000000..7901fc26
--- /dev/null
+++ b/apps/faf-user-service/values-test.yaml
@@ -0,0 +1,5 @@
+cors:
+  enabled: true
+  allowOriginListRegex:
+    - "^https?://localhost(:[0-9]+)?$"
+    - "^https?://127\\.0\\.0\\.1(:[0-9]+)?$"
diff --git a/apps/faf-user-service/values.yaml b/apps/faf-user-service/values.yaml
index e0d9d50a..851514ec 100644
--- a/apps/faf-user-service/values.yaml
+++ b/apps/faf-user-service/values.yaml
@@ -1,2 +1,5 @@
 infisical-secret:
   name: faf-user-service
+cors:
+  enabled: false
+  allowOriginListRegex: []
diff --git a/apps/ory-hydra/templates/ingress.yaml b/apps/ory-hydra/templates/ingress.yaml
index d0278271..5d87404d 100644
--- a/apps/ory-hydra/templates/ingress.yaml
+++ b/apps/ory-hydra/templates/ingress.yaml
@@ -1,3 +1,24 @@
+{{- if .Values.cors.enabled }}
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: ory-hydra-cors
+spec:
+  headers:
+    accessControlAllowMethods:
+      - "GET"
+      - "POST"
+      - "OPTIONS"
+    accessControlAllowHeaders:
+      - "Content-Type"
+      - "Authorization"
+      - "X-HMAC"
+    accessControlAllowOriginListRegex:
+      {{- toYaml .Values.cors.allowOriginListRegex | nindent 6 }}
+    accessControlMaxAge: 600
+    addVaryHeader: true
+---
+{{- end }}
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
@@ -11,3 +32,7 @@ spec:
       services:
         - name: ory-hydra
           port: 4444
+      {{- if .Values.cors.enabled }}
+      middlewares:
+        - name: ory-hydra-cors
+      {{- end }}
diff --git a/apps/ory-hydra/values-test.yaml b/apps/ory-hydra/values-test.yaml
new file mode 100644
index 00000000..7901fc26
--- /dev/null
+++ b/apps/ory-hydra/values-test.yaml
@@ -0,0 +1,5 @@
+cors:
+  enabled: true
+  allowOriginListRegex:
+    - "^https?://localhost(:[0-9]+)?$"
+    - "^https?://127\\.0\\.0\\.1(:[0-9]+)?$"
diff --git a/apps/ory-hydra/values.yaml b/apps/ory-hydra/values.yaml
index 1a869f04..f619ff65 100644
--- a/apps/ory-hydra/values.yaml
+++ b/apps/ory-hydra/values.yaml
@@ -3,6 +3,9 @@ image:
   tag: "v25.4.0"
 infisical-secret:
   name: ory-hydra
+cors:
+  enabled: false
+  allowOriginListRegex: []
 clients:
   - name: "FAF Client"
     id: "2e8808cf-5889-469b-b2c3-01f0cc58c4af"
diff --git a/disabled/reloader/Chart.yaml b/disabled/reloader/Chart.yaml
index 021bb898..0fa57389 100644
--- a/disabled/reloader/Chart.yaml
+++ b/disabled/reloader/Chart.yaml
@@ -3,5 +3,5 @@ name: reloader
 version: 1.0.0
 dependencies:
 - name: reloader
-  version: 2.2.9
+  version: 2.2.11
   repository: https://stakater.github.io/stakater-charts