diff --git a/Sources/AppAuth/macOS/OKTRedirectHTTPHandler.m b/Sources/AppAuth/macOS/OKTRedirectHTTPHandler.m
index aeb24165cc9..587a21439a5 100644
--- a/Sources/AppAuth/macOS/OKTRedirectHTTPHandler.m
+++ b/Sources/AppAuth/macOS/OKTRedirectHTTPHandler.m
@@ -141,6 +141,13 @@ - (void)HTTPConnection:(HTTPConnection *)conn didReceiveRequest:(HTTPServerReque
                                                             200,
                                                             NULL,
                                                             kCFHTTPVersion1_1);
+    CFStringRef origin = CFHTTPMessageCopyHeaderFieldValue(mess.request, (__bridge CFStringRef)@"Origin");
+    CFHTTPMessageSetHeaderFieldValue(response,
+                                     (__bridge CFStringRef)@"Access-Control-Allow-Origin",
+                                     origin);
+    CFHTTPMessageSetHeaderFieldValue(response,
+                                     (__bridge CFStringRef)@"Access-Control-Allow-Credentials",
+                                     (__bridge CFStringRef)@"true");
     CFHTTPMessageSetHeaderFieldValue(response,
                                      (__bridge CFStringRef)@"Access-Control-Allow-Private-Network",
                                      (__bridge CFStringRef)@"true");
@@ -149,7 +156,7 @@ - (void)HTTPConnection:(HTTPConnection *)conn didReceiveRequest:(HTTPServerReque
                                      (__bridge CFStringRef)@"0");
     [mess setResponse:response];
     CFRelease(response);
-      return;
+    return;
   }
 
   // Sends URL to AppAuth.