diff --git a/src/index.ts b/src/index.ts
index 720aa73..5287c83 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -11,6 +11,7 @@
  * Learn more at https://developers.cloudflare.com/workers/
  */
 import { Hono } from 'hono';
+import { cors } from 'hono/cors';
 
 import {
 	handleCreateRegOptions,
@@ -22,6 +23,18 @@ import {
 
 const app = new Hono();
 
+// Set up CORS headers
+app.use('*', async (ctx, next) => {
+	const corsMiddleware = cors({
+		origin: [
+			'http://localhost:8787',
+			// TODO: Populate other origins from `ctx.env` later
+		],
+	});
+
+	return corsMiddleware(ctx, next);
+});
+
 app.get('/registration/options', handleCreateRegOptions);
 app.get('/authentication/options', handleCreateAuthOptions);
 app.post('/registration/verify', handleVerifyRegResponse);
diff --git a/test/index.spec.ts b/test/index.spec.ts
index 8329acd..f1fff99 100644
--- a/test/index.spec.ts
+++ b/test/index.spec.ts
@@ -47,4 +47,10 @@ describe('Routing tests', () => {
 		const response = await SELF.fetch('https://example.com', { method: 'PUT' });
 		expect(response.status).toBe(404);
 	});
+
+	it('sets cors headers', async () => {
+		const response = await SELF.fetch('https://example.com/registration/options');
+
+		expect(response.headers.get('Access-Control-Allow-Origin')).toMatch('http://localhost:8787');
+	});
 });