diff --git a/config/nginx.conf.erb b/config/nginx.conf.erb
index b901bab8..2e0a0142 100644
--- a/config/nginx.conf.erb
+++ b/config/nginx.conf.erb
@@ -34,6 +34,27 @@ http {
     keepalive_timeout 5;
 
     location / {
+      add_header 'Access-Control-Allow-Origin' '*';
+      add_header 'Access-Control-Allow-Credentials' 'true';
+      add_header 'Access-Control-Expose-Headers' 'Content-Type, Cache-Control, Expires, Etag, Last-Modified';
+
+      if ($request_method = 'OPTIONS') {
+        add_header 'Access-Control-Allow-Origin' '*';
+        add_header 'Access-Control-Allow-Credentials' 'true';
+        add_header 'Access-Control-Expose-Headers' 'Content-Type, Cache-Control, Expires, Etag, Last-Modified';
+
+        # Tell browser to cache this pre-flight info for 20 days
+        add_header 'Access-Control-Max-Age' 1728000;
+
+        add_header 'Access-Control-Allow-Methods' 'HEAD, GET, POST, PATCH, PUT, DELETE, OPTIONS';
+        add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, Accept, If-None-Match, If-Modified-Since';
+
+        add_header 'Content-Length' 0;
+        add_header 'Content-Type' 'text/plain charset=UTF-8';
+
+        return 204;
+      }
+
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header Host $http_host;
       proxy_redirect off;
diff --git a/lib/travis/api/app.rb b/lib/travis/api/app.rb
index 59b7dacc..f099787f 100644
--- a/lib/travis/api/app.rb
+++ b/lib/travis/api/app.rb
@@ -87,7 +87,7 @@ module Travis::Api
           [ 420, {}, ['Enhance Your Calm']]
         end
 
-        use Travis::Api::App::Cors
+        use Travis::Api::App::Cors if Travis.env == 'development'
         use Raven::Rack if Endpoint.production?
         use Rack::Protection::PathTraversal
         use Rack::SSL if Endpoint.production?