diff --git a/server/main.go b/server/main.go
index e55e29dc..66f43970 100644
--- a/server/main.go
+++ b/server/main.go
@@ -131,6 +131,7 @@ func main() {
 
 	// create the router and add middleware
 	mux := router.New()
+	mux.Use(middleware.Options)
 	mux.Use(ContextMiddleware)
 	mux.Use(middleware.SetHeaders)
 	mux.Use(middleware.SetUser)
diff --git a/server/middleware/options.go b/server/middleware/options.go
new file mode 100644
index 00000000..42aefc77
--- /dev/null
+++ b/server/middleware/options.go
@@ -0,0 +1,24 @@
+package middleware
+
+import (
+	"net/http"
+
+	"github.com/zenazn/goji/web"
+)
+
+// Options automatically return an appropriate "Allow" header when the
+// request method is OPTIONS and the request would have otherwise been 404'd.
+func Options(c *web.C, h http.Handler) http.Handler {
+	fn := func(w http.ResponseWriter, r *http.Request) {
+		if r.Method == "OPTIONS" {
+			w.Header().Set("Access-Control-Allow-Origin", "*")
+			w.Header().Set("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE,OPTIONS")
+			w.Header().Set("Access-Control-Allow-Headers", "Authorization")
+			w.Header().Set("Allow", "HEAD,GET,POST,PUT,DELETE,OPTIONS")
+			w.WriteHeader(http.StatusOK)
+			return
+		}
+		h.ServeHTTP(w, r)
+	}
+	return http.HandlerFunc(fn)
+}