diff --git a/Gemfile b/Gemfile
index 9fe511a59..a74d883fa 100644
--- a/Gemfile
+++ b/Gemfile
@@ -17,6 +17,7 @@ gem 'delayed_job_active_record'#, :group => :production
 gem 'daemons'
 gem 'grape', '~> 0.9.0'
 gem 'grape-entity'
+gem 'rack-cors', :require => 'rack/cors'
 gem 'seems_rateable', '~> 1.0.13'
 gem 'rails', '~> 3.2'
 gem "jquery-rails", "~> 2.0.2"
diff --git a/config/application.rb b/config/application.rb
index 0c55fc75f..a1e14e0d9 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -71,6 +71,14 @@ module RedmineApp
 
     config.action_view.sanitized_allowed_tags = 'div', 'p', 'span', 'img', 'embed'
 
+    config.middleware.use Rack::Cors do
+      allow do
+        origins '*'
+        # location of your API
+        resource '/api/*', :headers => :any, :methods => [:get, :post, :options, :put]
+      end
+    end
+
     config.before_initialize do
     end