diff --git a/server/server.go b/server/server.go
index 0e81cb63e66df87f1d40acc3b543af940f638e84..c59d1ca0a801aba44d4f7abe3ad863224691440c 100644
--- a/server/server.go
+++ b/server/server.go
@@ -380,6 +380,7 @@ func (s *Server) handleFile(w http.ResponseWriter, r *http.Request, v *visitor)
 		return errHTTPTooManyRequestsAttachmentBandwidthLimit
 	}
 	w.Header().Set("Content-Length", fmt.Sprintf("%d", stat.Size()))
+	w.Header().Set("Access-Control-Allow-Origin", "*") // CORS, allow cross-origin requests
 	f, err := os.Open(file)
 	if err != nil {
 		return err