diff --git a/packages/bif-cmd-api-server/src/main/typescript/api-server.ts b/packages/bif-cmd-api-server/src/main/typescript/api-server.ts
index 78f8855be1..16ad49f822 100644
--- a/packages/bif-cmd-api-server/src/main/typescript/api-server.ts
+++ b/packages/bif-cmd-api-server/src/main/typescript/api-server.ts
@@ -110,10 +110,11 @@ export class ApiServer {
   createCorsMiddleware(): RequestHandler {
     const apiCorsDomainCsv = this.options.config.get('apiCorsDomainCsv');
     const allowedDomains = apiCorsDomainCsv.split(',');
+    const allDomainsAllowed = allowedDomains.includes('*');
 
     const corsOptions: CorsOptions = {
       origin: (origin: string | undefined, callback) => {
-        if (origin && allowedDomains.indexOf(origin) !== -1) {
+        if (allDomainsAllowed || origin && allowedDomains.indexOf(origin) !== -1) {
           callback(null, true);
         } else {
           callback(new Error(`CORS not allowed for Origin "${origin}".`));
diff --git a/packages/bif-cmd-api-server/src/main/typescript/config/config-service.ts b/packages/bif-cmd-api-server/src/main/typescript/config/config-service.ts
index 0eff364409..6d111cc48a 100644
--- a/packages/bif-cmd-api-server/src/main/typescript/config/config-service.ts
+++ b/packages/bif-cmd-api-server/src/main/typescript/config/config-service.ts
@@ -100,7 +100,9 @@ export class ConfigService {
         default: 4000,
       },
       apiCorsDomainCsv: {
-        doc: 'The Comma seperated list of domains to allow Cross Origin Resource Sharing from when serving API requests.',
+        doc: 'The Comma seperated list of domains to allow Cross Origin Resource Sharing from when ' +
+          'serving API requests. The wildcard (*) character is supported to allow CORS for any and all domains, ' +
+          'however using it is not recommended unless you are developing or demonstrating something with BIF.',
         format: '*',
         env: 'API_CORS_DOMAIN_CSV',
         arg: 'api-cors-domain-csv',