diff --git a/README b/README
index 6fee259..1903fbf 100644
--- a/README
+++ b/README
@@ -26,6 +26,7 @@ In order to make use of this application you will need:
   * django-simple-captcha (0.4.1)
   * django-nvd3 (0.6.0)
   * djangorestframework (2.3.14)
+  * django-cors-headers (0.12)
 * On the machine that will run the backend update script (which does not
   have to be the same machine as the web server, however it does still
   have to have Django installed, have the same or similar configuration
diff --git a/requirements.txt b/requirements.txt
index 8ad447f..b88ab2b 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,6 +6,7 @@ South==0.8.4
 Unidecode==0.04.16
 argparse==1.2.1
 awesome-slugify==1.5
+django-cors-headers==0.12
 django-nvd3==0.7.4
 django-registration==0.8
 django-reversion==1.6.0
diff --git a/settings.py b/settings.py
index d53a9d3..b21a5b4 100644
--- a/settings.py
+++ b/settings.py
@@ -100,6 +100,7 @@ TEMPLATE_LOADERS = (
 )
 
 MIDDLEWARE_CLASSES = (
+    'corsheaders.middleware.CorsMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
@@ -109,6 +110,12 @@ MIDDLEWARE_CLASSES = (
     'reversion.middleware.RevisionMiddleware',
 )
 
+# We allow CORS calls from everybody
+CORS_ORIGIN_ALLOW_ALL = True
+# for the API pages
+CORS_URLS_REGEX = r'.*/api/.*';
+
+
 # Clickjacking protection
 X_FRAME_OPTIONS = 'DENY'
 
@@ -145,6 +152,7 @@ INSTALLED_APPS = (
     'captcha',
     'south',
     'rest_framework',
+    'corsheaders',
     'django_nvd3'
 )