diff --git a/templates/compose/directus-with-postgresql.yaml b/templates/compose/directus-with-postgresql.yaml
index c35e411fd..763944456 100644
--- a/templates/compose/directus-with-postgresql.yaml
+++ b/templates/compose/directus-with-postgresql.yaml
@@ -27,6 +27,11 @@ services:
       - REDIS_HOST=redis
       - REDIS_PORT=6379
       - WEBSOCKETS_ENABLED=true
+      - CORS_ENABLED=${CORS_ENABLED:-true}
+      - CORS_ORIGIN=${CORS_ORIGIN}
+      - CORS_METHODS=${CORS_METHODS:-GET,POST,PATCH,DELETE,OPTIONS}
+      - CORS_ALLOWED_HEADERS=${CORS_ALLOWED_HEADERS:-Content-Type,Authorization}
+      - CORS_CREDENTIALS=${CORS_CREDENTIALS:-true}
     healthcheck:
       test: ["CMD", "wget", "-q", "--spider", "http://127.0.0.1:8055/admin/login"]
       interval: 5s
diff --git a/templates/compose/directus.yaml b/templates/compose/directus.yaml
index 36589c72a..1648f7e3d 100644
--- a/templates/compose/directus.yaml
+++ b/templates/compose/directus.yaml
@@ -22,6 +22,11 @@ services:
       - DB_CLIENT=sqlite3
       - DB_FILENAME=/directus/database/data.db
       - WEBSOCKETS_ENABLED=true
+      - CORS_ENABLED=${CORS_ENABLED:-true}
+      - CORS_ORIGIN=${CORS_ORIGIN}
+      - CORS_METHODS=${CORS_METHODS:-GET,POST,PATCH,DELETE,OPTIONS}
+      - CORS_ALLOWED_HEADERS=${CORS_ALLOWED_HEADERS:-Content-Type,Authorization}
+      - CORS_CREDENTIALS=${CORS_CREDENTIALS:-true}
     healthcheck:
       test:
         ["CMD", "wget", "-q", "--spider", "http://127.0.0.1:8055/admin/login"]