diff --git a/requirements.txt b/requirements.txt
index 859badb..22f680a 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,6 +6,7 @@ certifi==2016.9.26
 dj-database-url==0.4.1
 dj-static==0.0.6
 django-annoying==0.10.3
+django-cors-headers==1.3.1
 django-debug-toolbar==1.3.2
 django-extensions==1.7.4
 django-haystack==2.5.1
diff --git a/settings.py b/settings.py
index 66c753a..50ba3d2 100644
--- a/settings.py
+++ b/settings.py
@@ -49,6 +49,7 @@ AUTH_PROFILE_MODULE = 'accounts.UserProfile'
 AUTHENTICATION_BACKENDS = ('utils.backends.EmailOrUsernameModelBackend',)
 BASE_PATH = os.path.dirname(__file__)
 CSRF_COOKIE_SECURE = True if 'USE_SSL' in os.environ else False
+CORS_ORIGIN_ALLOW_ALL = True
 DEBUG = True if 'DEBUG' in os.environ else False
 DEFAULT_FROM_EMAIL = os.environ.get('POSTMARK_EMAIL', 'support@snipt.net')
 EMAIL_BACKEND = 'postmark.django_backend.EmailBackend'
@@ -119,6 +120,7 @@ USE_TZ = True
 INSTALLED_APPS = (
     'accounts',
     'blogs',
+    'corsheaders',
     'django.contrib.admin',
     'django.contrib.auth',
     'django.contrib.contenttypes',
@@ -157,6 +159,7 @@ MIDDLEWARE_CLASSES = (
     'django.middleware.security.SecurityMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'corsheaders.middleware.CorsMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',