diff --git a/Pipfile b/Pipfile
index 474d57489f323ac51da89ff2501cddeb5d1dca87..982e94111e53f445d97d980aa064b960f975f65b 100644
--- a/Pipfile
+++ b/Pipfile
@@ -4,7 +4,7 @@ url = "https://pypi.org/simple"
 verify_ssl = true
 
 [dev-packages]
-black = "*"
+black = "==20.8b1"
 pre-commit = "*"
 pytest = "*"
 pytest-cov = "*"
@@ -14,7 +14,7 @@ webtest = "*"
 numpy = "*"
 scipy = "*"
 obspy = "*"
-pycurl = "*"
+pycurl = "==7.43.0.5"
 authlib = "*"
 cryptography = "*"
 databases = {extras = ["postgresql", "sqlite"],version = "*"}
diff --git a/geomagio/api/ws/app.py b/geomagio/api/ws/app.py
index 9431fc44756063c5258b4052fc3dc4f0c35e2186..6f2c49e555bd6913befc73169dd22539089d56cb 100644
--- a/geomagio/api/ws/app.py
+++ b/geomagio/api/ws/app.py
@@ -31,6 +31,18 @@ app.include_router(elements.router)
 app.include_router(observatories.router)
 
 
+@app.middleware("http")
+async def add_headers(request: Request, call_next):
+    response = await call_next(request)
+    response.headers[
+        "Access-Control-Allow-Headers"
+    ] = "accept, origin, authorization, content-type"
+    response.headers["Access-Control-Allow-Methods"] = "*"
+    response.headers["Access-Control-Allow-Origin"] = "*"
+    response.headers["Cache-Control"] = "max-age=60"
+    return response
+
+
 @app.get("/", include_in_schema=False)
 async def redirect_to_docs():
     return RedirectResponse("/ws/docs")