diff --git a/packages/backend/src/server/api/mastodon/MastodonApiServerService.ts b/packages/backend/src/server/api/mastodon/MastodonApiServerService.ts
index f107c14d89..6ab1d1559c 100644
--- a/packages/backend/src/server/api/mastodon/MastodonApiServerService.ts
+++ b/packages/backend/src/server/api/mastodon/MastodonApiServerService.ts
@@ -48,7 +48,7 @@ export class MastodonApiServerService {
 		fastify.addContentTypeParser(['application/x-www-form-urlencoded'], { parseAs: 'string' }, (req, body, done) => {
 			const dataObj: any = {};
 			const parsedData = new URLSearchParams(body as string);
-			for (let pair of parsedData.entries()) {
+			for (const pair of parsedData.entries()) {
 				dataObj[pair[0]] = pair[1];
 			}
 			done(null, dataObj);
diff --git a/packages/backend/src/server/oauth/OAuth2ProviderService.ts b/packages/backend/src/server/oauth/OAuth2ProviderService.ts
index 973f9c1eb4..1cac987f01 100644
--- a/packages/backend/src/server/oauth/OAuth2ProviderService.ts
+++ b/packages/backend/src/server/oauth/OAuth2ProviderService.ts
@@ -37,6 +37,20 @@ export class OAuth2ProviderService {
 			});
 		}); */
 
+		fastify.addHook('onRequest', (request, reply, done) => {
+			reply.header('Access-Control-Allow-Origin', '*');
+			done();
+		});
+
+		fastify.addContentTypeParser(['application/x-www-form-urlencoded'], { parseAs: 'string' }, (req, body, done) => {
+			const dataObj: any = {};
+			const parsedData = new URLSearchParams(body as string);
+			for (const pair of parsedData.entries()) {
+				dataObj[pair[0]] = pair[1];
+			}
+			done(null, dataObj);
+		});
+
 		fastify.get('/oauth/authorize', async (request, reply) => {
 			const query: any = request.query;
 			let param = "mastodon=true";