diff --git a/gateway/handlers/cors.go b/gateway/handlers/cors.go
new file mode 100644
index 0000000000000000000000000000000000000000..ab959a66d2d6bce28a38f91630e153cf9bb8c7e8
--- /dev/null
+++ b/gateway/handlers/cors.go
@@ -0,0 +1,24 @@
+package handlers
+
+import "net/http"
+
+type CorsHandler struct {
+	Upstream    *http.Handler
+	AllowedHost string
+}
+
+func (c CorsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	// https://raw.githubusercontent.com/openfaas/store/master/store.json
+	w.Header().Set("Access-Control-Allow-Headers", "Content-Type")
+	w.Header().Set("Access-Control-Allow-Methods", "GET")
+	w.Header().Set("Access-Control-Allow-Origin", c.AllowedHost)
+
+	(*c.Upstream).ServeHTTP(w, r)
+}
+
+func DecorateWithCORS(upstream http.Handler, allowedHost string) http.Handler {
+	return CorsHandler{
+		Upstream:    &upstream,
+		AllowedHost: allowedHost,
+	}
+}
diff --git a/gateway/server.go b/gateway/server.go
index 3b0780e052d9edb027f3c0b848e63795e50bff10..6b4f96e93d766a03a8195b37bd798e49239edfee 100644
--- a/gateway/server.go
+++ b/gateway/server.go
@@ -143,7 +143,12 @@ func main() {
 	}
 
 	fs := http.FileServer(http.Dir("./assets/"))
-	r.PathPrefix("/ui/").Handler(http.StripPrefix("/ui", fs)).Methods("GET")
+
+	// This URL allows access from the UI to the OpenFaaS store
+	allowedCORSHost := "raw.githubusercontent.com"
+	fsCORS := internalHandlers.DecorateWithCORS(fs, allowedCORSHost)
+
+	r.PathPrefix("/ui/").Handler(http.StripPrefix("/ui", fsCORS)).Methods("GET")
 
 	r.HandleFunc("/", faasHandlers.RoutelessProxy).Methods("POST")