diff --git a/api/app.py b/api/app.py
index 90fa76f..7e4622f 100644
--- a/api/app.py
+++ b/api/app.py
@@ -1,5 +1,6 @@
 from dotenv import load_dotenv
 from flask import Flask, jsonify
+from flask_cors import CORS
 from flask_jwt_extended import JWTManager
 from jwt import ExpiredSignatureError
 from models import db, RevokedToken
@@ -12,6 +13,7 @@ def create_app(config_name="default"):
     """Creates and returns a new instance of Flask app."""
     load_dotenv()
     app = Flask(__name__)
+    CORS(app, supports_credentials=True, origins=os.getenv("FRONTEND_ORIGIN", "").split(","))
 
     # Database settings
     if config_name == "testing":
@@ -23,6 +25,7 @@ def create_app(config_name="default"):
 
     # JWT settings
     app.config["JWT_SECRET_KEY"] = os.getenv("JWT_SECRET_KEY", "changeme")
+    app.config["JWT_TOKEN_LOCATION"] = ["cookies", "headers"]
 
     # Blueprints registration
     app.register_blueprint(user_bp)
diff --git a/api/requirements.txt b/api/requirements.txt
index 20df243..be29389 100644
--- a/api/requirements.txt
+++ b/api/requirements.txt
@@ -1,6 +1,7 @@
 blinker==1.7.0
 click==8.1.7
 Flask==3.0.0
+flask-cors==5.0.1
 Flask-JWT-Extended==4.7.1
 Flask-SQLAlchemy==3.1.1
 greenlet==3.0.1
diff --git a/api/task_views.py b/api/task_views.py
index be09b97..2289247 100644
--- a/api/task_views.py
+++ b/api/task_views.py
@@ -100,10 +100,11 @@ def check_if_task_exists(task):
 
 def validate_task_data(task):
     due_date = task.get('due_date')
-    try:
-        datetime.strptime(due_date, '%d-%m-%Y %H:%M')
-    except ValueError:
-        abort(400, "Incorrect datetime format. Expected DD-MM-YYYY HH:MM")
+    if due_date:
+        try:
+            datetime.strptime(due_date, '%d-%m-%Y %H:%M')
+        except ValueError:
+            abort(400, "Incorrect datetime format. Expected DD-MM-YYYY HH:MM")
     done = task.get('done')
     if done not in (0, 1):
         abort(400, "Incorrect done field value. Expected 0 or 1")