diff --git a/easywks/httpd.py b/easywks/httpd.py
index 848ab5e..412d7a0 100644
--- a/easywks/httpd.py
+++ b/easywks/httpd.py
@@ -3,7 +3,15 @@ from .config import Config
 from .files import read_hashed_public_key, make_submission_address_file, make_policy_file
 from .util import hash_user_id
 
-from bottle import get, run, abort, response, request
+from bottle import get, run, response, request, HTTPError
+
+
+CORS = ('Access-Control-Allow-Origin', '*')
+
+def abort(code, text):
+    err = HTTPError(code, text)
+    err.add_header(*CORS)
+    return err
 
 
 @get('/.well-known/openpgpkey/<domain>/submission-address')
@@ -11,6 +19,7 @@ def submission_address(domain: str):
     if domain not in Config.domains:
         abort(404, 'Not Found')
     response.add_header('Content-Type', 'text/plain')
+    response.add_header(*CORS)
     return make_submission_address_file(domain)
 
 
@@ -19,6 +28,7 @@ def policy(domain: str):
     if domain not in Config.domains:
         abort(404, 'Not Found')
     response.add_header('Content-Type', 'text/plain')
+    response.add_header(*CORS)
     return make_policy_file(domain)
 
 
@@ -33,12 +43,13 @@ def hu(domain: str, userhash: str):
     try:
         pubkey = read_hashed_public_key(domain, userhash)
         response.add_header('Content-Type', 'application/octet-stream')
+        response.add_header(*CORS)
         return bytes(pubkey)
     except FileNotFoundError:
         abort(404, 'Not Found')
 
 
-def run_server(args):
+def run_server():
     run(host=Config.httpd['host'], port=Config.httpd['port'])