diff --git a/src/octoprint/server/api/__init__.py b/src/octoprint/server/api/__init__.py
index c384b56c..ccfa1590 100644
--- a/src/octoprint/server/api/__init__.py
+++ b/src/octoprint/server/api/__init__.py
@@ -63,7 +63,7 @@ def beforeApiRequests():
 the request.
 """
- if request.method == 'OPTIONS':
+ if request.method == 'OPTIONS' and s().getBoolean(["api", "allowCrossOrigin"]):
 return optionsAllowOrigin(request)
 apikey = getApiKey(request)
@@ -93,13 +93,14 @@ def beforeApiRequests():
 @api.after_request
 def afterApiRequests(resp):
- """"""
+ """"""
 # Allow crossdomain
- if request.method != 'OPTIONS' and 'Origin' in request.headers:
- resp.headers['Access-Control-Allow-Origin'] = request.headers['Origin']
+ allowCrossOrigin = s().getBoolean(["api", "allowCrossOrigin"])
+ if request.method != 'OPTIONS' and 'Origin' in request.headers and allowCrossOrigin:
+ resp.headers['Access-Control-Allow-Origin'] = request.headers['Origin']
- return resp
+ return resp
 #~~ first run setup
diff --git a/src/octoprint/settings.py b/src/octoprint/settings.py
index 54285cb3..d599791e 100644
--- a/src/octoprint/settings.py
+++ b/src/octoprint/settings.py
@@ -131,7 +131,8 @@ default_settings = {
 },
 "api": {
 "enabled": False,
- "key": ''.join('%02X' % ord(z) for z in uuid.uuid4().bytes)
+ "key": ''.join('%02X' % ord(z) for z in uuid.uuid4().bytes),
+ "allowCrossOrigin": False
 },
 "terminalFilters": [
 { "name": "Suppress M105 requests/responses", "regex": "(Send: M105)|(Recv: ok T\d*:)" },
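Review bot: In `beforeApiRequests` (first hunk of `server/api/__init__.py`) nothing documents what now happens to an OPTIONS request when `api.allowCrossOrigin` is off: it no longer returns early and instead falls through to `getApiKey(request)` and the key validation that follows outside the hunk. A browser preflight does not carry the API key, so it is presumably rejected there, which is the fail-closed result one wants, but a reader has to infer it. I would add above the `if`: `# Preflight is only answered when CORS is enabled; otherwise OPTIONS is authenticated like any other request.` The function body continues outside the hunk, so the exact response to a rejected preflight should be confirmed there.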
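Review bot: In `afterApiRequests` the response still echoes whatever `Origin` the request sent, so enabling `api.allowCrossOrigin` (added with default `False` in `settings.py`) opens the API responses to scripts from every site rather than a chosen set; callers still need whatever credentials the key check outside this diff requires. The empty docstring `""""""` is the place to state that, for example `"""Add Access-Control-Allow-Origin, echoing the request's Origin, when api.allowCrossOrigin is enabled."""`. Because the header value now depends on the request, the branch should also set `resp.headers.add('Vary', 'Origin')` so a shared cache cannot serve one origin's response to another. A configured list of permitted origins, checked before echoing, would be a tighter design than the boolean. The `resp.headers[...]` and `return resp` lines appear to differ from the old side only in whitespace.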