diff --git a/ceilometer/tests/functional/gabbi/fixtures.py b/ceilometer/tests/functional/gabbi/fixtures.py
index b0e49a6fe4..3af34673fb 100644
--- a/ceilometer/tests/functional/gabbi/fixtures.py
+++ b/ceilometer/tests/functional/gabbi/fixtures.py
@@ -22,6 +22,7 @@ from unittest import case
 import uuid
 
 from gabbi import fixture
+from oslo_config import cfg
 from oslo_config import fixture as fixture_config
 from oslo_policy import opts
 from six.moves.urllib import parse as urlparse
@@ -64,6 +65,11 @@ class ConfigFixture(fixture.GabbiFixture):
         conf.set_override('policy_file',
                           os.path.abspath('etc/ceilometer/policy.json'),
                           group='oslo_policy')
+        conf.set_override(
+            'api_paste_config',
+            os.path.abspath(
+                'ceilometer/tests/functional/gabbi/gabbi_paste.ini')
+        )
 
         # A special pipeline is required to use the direct publisher.
         conf.set_override('pipeline_cfg_file',
@@ -148,3 +154,24 @@ class EventDataFixture(fixture.GabbiFixture):
     def stop_fixture(self):
         """Destroy the events."""
         self.conn.db.event.remove({'event_type': '/^cookies_/'})
+
+
+class CORSConfigFixture(fixture.GabbiFixture):
+    """Inject mock configuration for the CORS middleware."""
+
+    def start_fixture(self):
+        # Here we monkeypatch GroupAttr.__getattr__, necessary because the
+        # paste.ini method of initializing this middleware creates its own
+        # ConfigOpts instance, bypassing the regular config fixture.
+
+        def _mock_getattr(instance, key):
+            if key != 'allowed_origin':
+                return self._original_call_method(instance, key)
+            return "http://valid.example.com"
+
+        self._original_call_method = cfg.ConfigOpts.GroupAttr.__getattr__
+        cfg.ConfigOpts.GroupAttr.__getattr__ = _mock_getattr
+
+    def stop_fixture(self):
+        """Remove the monkeypatch."""
+        cfg.ConfigOpts.GroupAttr.__getattr__ = self._original_call_method
diff --git a/ceilometer/tests/functional/gabbi/gabbi_paste.ini b/ceilometer/tests/functional/gabbi/gabbi_paste.ini
new file mode 100644
index 0000000000..2efbf9ef25
--- /dev/null
+++ b/ceilometer/tests/functional/gabbi/gabbi_paste.ini
@@ -0,0 +1,27 @@
+# Ceilometer API WSGI Pipeline
+# Define the filters that make up the pipeline for processing WSGI requests
+# Note: This pipeline is PasteDeploy's term rather than Ceilometer's pipeline
+# used for processing samples
+#
+# This version is specific for gabbi. It removes support for keystone while
+# keeping suport for CORS.
+
+# Remove authtoken from the pipeline if you don't want to use keystone authentication
+[pipeline:main]
+pipeline = cors api-server
+
+[app:api-server]
+paste.app_factory = ceilometer.api.app:app_factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+
+[filter:request_id]
+paste.filter_factory = oslo_middleware:RequestId.factory
+
+[filter:cors]
+paste.filter_factory = oslo_middleware.cors:filter_factory
+oslo_config_project = ceilometer
+latent_allow_headers = X-Auth-Token, X-Identity-Status, X-Roles, X-Service-Catalog, X-User-Id, X-Tenant-Id, X-OpenStack-Request-ID
+latent_expose_headers = X-Auth-Token, X-Subject-Token, X-Service-Token, X-OpenStack-Request-ID
+latent_allow_methods = GET, PUT, POST, DELETE, PATCH
diff --git a/ceilometer/tests/functional/gabbi/gabbits/middleware.yaml b/ceilometer/tests/functional/gabbi/gabbits/middleware.yaml
new file mode 100644
index 0000000000..3d2204833f
--- /dev/null
+++ b/ceilometer/tests/functional/gabbi/gabbits/middleware.yaml
@@ -0,0 +1,44 @@
+#
+# Test the middlewares. Just CORS for now.
+#
+
+fixtures:
+    - ConfigFixture
+    - CORSConfigFixture
+
+tests:
+
+    - name: valid cors options
+      OPTIONS: /
+      status: 200
+      request_headers:
+          origin: http://valid.example.com
+          access-control-request-method: GET
+      response_headers:
+          access-control-allow-origin: http://valid.example.com
+
+    - name: invalid cors options
+      OPTIONS: /
+      status: 200
+      request_headers:
+          origin: http://invalid.example.com
+          access-control-request-method: GET
+      response_forbidden_headers:
+          - access-control-allow-origin
+
+    - name: valid cors get
+      GET: /
+      status: 200
+      request_headers:
+          origin: http://valid.example.com
+          access-control-request-method: GET
+      response_headers:
+          access-control-allow-origin: http://valid.example.com
+
+    - name: invalid cors get
+      GET: /
+      status: 200
+      request_headers:
+          origin: http://invalid.example.com
+      response_forbidden_headers:
+          - access-control-allow-origin
diff --git a/ceilometer/tests/functional/gabbi/test_gabbi.py b/ceilometer/tests/functional/gabbi/test_gabbi.py
index 584bd48ad6..8c3670c8c1 100644
--- a/ceilometer/tests/functional/gabbi/test_gabbi.py
+++ b/ceilometer/tests/functional/gabbi/test_gabbi.py
@@ -32,5 +32,5 @@ def load_tests(loader, tests, pattern):
     """Provide a TestSuite to the discovery process."""
     test_dir = os.path.join(os.path.dirname(__file__), TESTS_DIR)
     return driver.build_tests(test_dir, loader, host=None,
-                              intercept=app.setup_app,
+                              intercept=app.load_app,
                               fixture_module=fixture_module)
diff --git a/etc/ceilometer/api_paste.ini b/etc/ceilometer/api_paste.ini
index 95d50c56d9..cfb0c38adc 100644
--- a/etc/ceilometer/api_paste.ini
+++ b/etc/ceilometer/api_paste.ini
@@ -5,7 +5,7 @@
 
 # Remove authtoken from the pipeline if you don't want to use keystone authentication
 [pipeline:main]
-pipeline = request_id authtoken api-server
+pipeline = cors request_id authtoken api-server
 
 [app:api-server]
 paste.app_factory = ceilometer.api.app:app_factory
@@ -16,3 +16,9 @@ paste.filter_factory = keystonemiddleware.auth_token:filter_factory
 [filter:request_id]
 paste.filter_factory = oslo_middleware:RequestId.factory
 
+[filter:cors]
+paste.filter_factory = oslo_middleware.cors:filter_factory
+oslo_config_project = ceilometer
+latent_allow_headers = X-Auth-Token, X-Identity-Status, X-Roles, X-Service-Catalog, X-User-Id, X-Tenant-Id, X-OpenStack-Request-ID
+latent_expose_headers = X-Auth-Token, X-Subject-Token, X-Service-Token, X-OpenStack-Request-ID
+latent_allow_methods = GET, PUT, POST, DELETE, PATCH
\ No newline at end of file
diff --git a/etc/ceilometer/ceilometer-config-generator.conf b/etc/ceilometer/ceilometer-config-generator.conf
index 222df01f71..4fc804544a 100644
--- a/etc/ceilometer/ceilometer-config-generator.conf
+++ b/etc/ceilometer/ceilometer-config-generator.conf
@@ -6,6 +6,7 @@ namespace = oslo.concurrency
 namespace = oslo.db
 namespace = oslo.log
 namespace = oslo.messaging
+namespace = oslo.middleware.cors
 namespace = oslo.policy
 namespace = oslo.service.service
 namespace = keystonemiddleware.auth_token