diff --git a/Gemfile b/Gemfile
index f824506f409..f89fae0095f 100644
--- a/Gemfile
+++ b/Gemfile
@@ -44,6 +44,7 @@ gem "gitlab-linguist", "~> 2.9.6", require: "linguist"
 # API
 gem "grape", "~> 0.4.1"
 gem "grape-entity", "~> 0.3.0"
+gem 'rack-cors', require: 'rack/cors'
 
 # Format dates and times
 # based on human-friendly examples
diff --git a/Gemfile.lock b/Gemfile.lock
index 2b2d7c55856..23615fc692f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -335,6 +335,7 @@ GEM
       rack
     rack-cache (1.2)
       rack (>= 0.4)
+    rack-cors (0.2.9)
     rack-mini-profiler (0.1.31)
       rack (>= 1.1.3)
     rack-mount (0.8.3)
@@ -610,6 +611,7 @@ DEPENDENCIES
   pry
   quiet_assets (~> 1.0.1)
   rack-attack
+  rack-cors
   rack-mini-profiler
   rails (= 3.2.16)
   rails-dev-tweaks
diff --git a/config/application.rb b/config/application.rb
index c46ff289cf8..d160e181ec3 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -79,5 +79,13 @@ module Gitlab
     # config.relative_url_root = "/gitlab"
 
     config.middleware.use Rack::Attack
+
+    # Allow access to GitLab API from other domains
+    config.middleware.use Rack::Cors do
+      allow do
+        origins '*'
+        resource '/api/*', headers: :any, methods: [:get, :post, :options, :put]
+      end
+    end
   end
 end