diff --git a/src/commands/configure.rs b/src/commands/configure.rs
index 5bd9ad18c..e434bc5b5 100644
--- a/src/commands/configure.rs
+++ b/src/commands/configure.rs
@@ -4,7 +4,7 @@ use edgeql_parser::helpers::{quote_string, quote_name};
 use crate::commands::Options;
 use crate::print;
 use crate::connect::Connection;
-use crate::commands::parser::{Configure, ConfigStr, ListenAddresses, AuthParameter};
+use crate::commands::parser::{Configure, ConfigStr, ConfigStrs, ListenAddresses, AuthParameter};
 
 async fn set(cli: &mut Connection, name: &str, cast: Option<&str>, value: impl Display)
     -> Result<(), anyhow::Error>
@@ -103,6 +103,15 @@ pub async fn configure(cli: &mut Connection, _options: &Options,
         C::Set(Set { parameter: S::AllowUserSpecifiedId(ConfigStr { value }) }) => {
             set(cli, "allow_user_specified_id", None, value).await
         }
+        C::Set(Set { parameter: S::CorsAllowOrigins(ConfigStrs {values}) }) => {
+            let values = values
+                .iter()
+                .map(|x| quote_string(x))
+                .collect::<Vec<_>>().join(", ");
+            print::completion(&cli.execute(
+                &format!("CONFIGURE INSTANCE SET cors_allow_origins := {{{values}}}"), &()).await?);
+            Ok(())
+        }
         C::Reset(Res { parameter }) => {
             use crate::commands::parser::ConfigParameter as C;
             let name = match parameter {
@@ -121,6 +130,7 @@ pub async fn configure(cli: &mut Connection, _options: &Options,
                 C::AllowBareDdl => "allow_bare_ddl",
                 C::ApplyAccessPolicies => "apply_access_policies",
                 C::AllowUserSpecifiedId => "allow_user_specified_id",
+                C::CorsAllowOrigins => "cors_allow_origins",
             };
             print::completion(&cli.execute(
                 &format!("CONFIGURE INSTANCE RESET {name}"),
diff --git a/src/commands/parser.rs b/src/commands/parser.rs
index 9956d0ef0..1ae590984 100644
--- a/src/commands/parser.rs
+++ b/src/commands/parser.rs
@@ -129,7 +129,7 @@ pub enum DatabaseCmd {
     /// Delete a database along with its data
     Drop(DropDatabase),
     /// Delete a database's data and reset its schema while
-    /// preserving the database itself (its cfg::DatabaseConfig) 
+    /// preserving the database itself (its cfg::DatabaseConfig)
     /// and existing migration scripts
     Wipe(WipeDatabase),
 }
@@ -523,6 +523,9 @@ pub enum ValueParameter {
 
     /// Allow setting user-specified object identifiers.
     AllowUserSpecifiedId(ConfigStr),
+
+    /// Web origins that are allowed to send HTTP requests to this server.
+    CorsAllowOrigins(ConfigStrs)
 }
 
 #[derive(clap::Subcommand, Clone, Debug)]
@@ -559,6 +562,8 @@ pub enum ConfigParameter {
     ApplyAccessPolicies,
     /// Reset allow_user_specified_id parameter to `false`
     AllowUserSpecifiedId,
+    /// Reset cors_allow_origins to an empty set
+    CorsAllowOrigins,
 }
 
 #[derive(clap::Args, Clone, Debug)]
@@ -576,6 +581,11 @@ pub struct ConfigStr {
     pub value: String,
 }
 
+#[derive(clap::Args, Clone, Debug)]
+pub struct ConfigStrs {
+    pub values: Vec<String>,
+}
+
 #[derive(clap::Args, Clone, Debug)]
 pub struct AuthParameter {
     /// Priority of the authentication rule. The lower the number, the