Index: TFP-WebServer/WebServer/src/UrlHandlers/ApiHandler.cs
===================================================================
--- TFP-WebServer/WebServer/src/UrlHandlers/ApiHandler.cs	(revision 459)
+++ TFP-WebServer/WebServer/src/UrlHandlers/ApiHandler.cs	(revision 460)
@@ -53,4 +53,22 @@
 		private static readonly UnityEngine.Profiling.CustomSampler apiHandlerSampler = UnityEngine.Profiling.CustomSampler.Create ("API_Handler");
 
+		private bool HandleCors (RequestContext _context) {
+			_context.Request.Headers.TryGetValue ("Origin", out string origin);
+			_context.Response.AddHeader ("Access-Control-Allow-Origin", origin ?? "*");
+
+			if (_context.Method != ERequestMethod.OPTIONS) {
+				return false;
+			}
+
+			if (!_context.Request.Headers.TryGetValue ("Access-Control-Request-Method", out _)) {
+				return false;
+			}
+
+			_context.Response.AddHeader ("Access-Control-Allow-Methods", "GET, PUT, POST, DELETE, OPTIONS, HEAD");
+			_context.Response.AddHeader ("Access-Control-Allow-Headers", "X-SDTD-API-TOKENNAME, X-SDTD-API-SECRET");
+			_context.Response.AddHeader ("Access-Control-Allow-Credentials", "true");
+			return true;
+		}
+
 		public override void HandleRequest (RequestContext _context) {
 
@@ -72,4 +90,10 @@
 			}
 
+			// CORS specific stuff
+			if (HandleCors (_context)) {
+				return;
+			}
+			// CORS end
+			
 			_context.RequestPath = subPath;