diff --git a/environments/undercloud.yaml b/environments/undercloud.yaml
index c6c4455d2c..e6ffed786b 100644
--- a/environments/undercloud.yaml
+++ b/environments/undercloud.yaml
@@ -54,6 +54,7 @@ parameter_defaults:
   # we do not want the nova-compute instance running on the undercloud for
   # Ironic to be disabled in the case of multiple deployment failures.
   NovaAutoDisabling: '0'
+  NovaCorsAllowedOrigin: '*'
   NeutronDhcpAgentsPerNetwork: 2
   HeatConvergenceEngine: true
   HeatCorsAllowedOrigin: '*'
diff --git a/puppet/services/tripleo-ui.yaml b/puppet/services/tripleo-ui.yaml
index d7ec7defb0..842c5c044b 100644
--- a/puppet/services/tripleo-ui.yaml
+++ b/puppet/services/tripleo-ui.yaml
@@ -39,6 +39,14 @@ parameters:
       tag: openstack.tripleo.ui
       # FIXME(mandre)
       path: /var/log/tripleo/ui.log
+  NovaCorsAllowedOrigin:
+    type: string
+    default: ''
+    description: Indicate whether this resource may be shared with the domain received in the request
+                 "origin" header.
+
+conditions:
+  cors_allowed_origin_unset: {equals : [{get_param: NovaCorsAllowedOrigin}, '']}
 
 resources:
 
@@ -64,6 +72,11 @@ outputs:
       config_settings:
         map_merge:
           - get_attr: [ApacheServiceBase, role_data, config_settings]
+          -
+            if:
+            - cors_allowed_origin_unset
+            - {}
+            - nova::cors::allowed_origin: {get_param: NovaCorsAllowedOrigin}
           - tripleo::ui::endpoint_proxy_zaqar: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri_no_suffix]}
             tripleo::ui::endpoint_proxy_keystone: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
             tripleo::ui::endpoint_proxy_heat: {get_param: [EndpointMap, HeatInternal, uri_no_suffix]}
@@ -80,6 +93,10 @@ outputs:
             tripleo::ui::endpoint_config_mistral: {get_param: [EndpointMap, MistralUIConfig, uri]}
             tripleo::ui::endpoint_config_nova: {get_param: [EndpointMap, NovaUIConfig, uri]}
             tripleo::ui::endpoint_config_swift: {get_param: [EndpointMap, SwiftUIConfig, uri]}
+            nova::cors::max_age: 3600
+            nova::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
+            nova::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
+            nova::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
             tripleo::ui::bind_host:
               str_replace:
                 template: