diff --git a/roles/paas-docker/nginx/files/includes/cors-open b/roles/paas-docker/nginx/files/includes/cors-open
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/nginx/files/includes/cors-open
@@ -0,0 +1,54 @@
+#   -------------------------------------------------------------
+#   Configuration for Nasqueron web sites
+#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+#   Project:        Nasqueron
+#   Description:    nginx CORS configuration
+#   Reference:      Michiel Kalkman, "Wide open nginx CORS configuration",
+#                   https://michielkalkman.com/snippets/nginx-cors-open-configuration/
+#   License:        Trivial work, not eligible for copyright.
+#   Source file:    roles/paas-docker/nginx/files/includes/cors-open
+#   -------------------------------------------------------------
+#
+#   <auto-generated>
+#       This file is managed by our rOPS SaltStack repository.
+#
+#       Changes to this file may cause incorrect behavior
+#       and will be lost if the state is redeployed.
+#   </auto-generated>
+
+#   -------------------------------------------------------------
+#   OPTIONS
+#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+if ($request_method = 'OPTIONS') {
+    add_header 'Access-Control-Allow-Origin' '*';
+    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+    add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+    add_header 'Access-Control-Max-Age' 1728000;
+    add_header 'Content-Type' 'text/plain; charset=utf-8';
+    add_header 'Content-Length' 0;
+
+    return 204;
+ }
+
+ #   -------------------------------------------------------------
+ #   GET
+ #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+if ($request_method = 'GET') {
+    add_header 'Access-Control-Allow-Origin' '*';
+    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+    add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+    add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+}
+
+#   -------------------------------------------------------------
+#   POST
+#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+if ($request_method = 'POST') {
+    add_header 'Access-Control-Allow-Origin' '*';
+    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+    add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+    add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+}
diff --git a/roles/paas-docker/nginx/files/vhosts/base/server.conf b/roles/paas-docker/nginx/files/vhosts/base/server.conf
--- a/roles/paas-docker/nginx/files/vhosts/base/server.conf
+++ b/roles/paas-docker/nginx/files/vhosts/base/server.conf
@@ -36,9 +36,15 @@
 
     include includes/letsencrypt;
 
-    location / {
-        root   /var/wwwroot-content/{{ fqdn }};
-        index  index.html;
+    root   /var/wwwroot-content/{{ fqdn }};
+    index  index.html;
+
+    ###
+    ### API
+    ###
+
+    location ~ [^/]\.json(/|$) {
+        include includes/cors-open;
     }
 }