diff --git a/core/lib/Drupal/Core/Routing/RouteSubscriberBase.php b/core/lib/Drupal/Core/Routing/RouteSubscriberBase.php
index c935fa5..8aeb840 100644
--- a/core/lib/Drupal/Core/Routing/RouteSubscriberBase.php
+++ b/core/lib/Drupal/Core/Routing/RouteSubscriberBase.php
@@ -9,6 +9,8 @@
 
 use Drupal\Core\Routing\RoutingEvents;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
+use Symfony\Component\HttpKernel\KernelEvents;
 use Symfony\Component\Routing\RouteCollection;
 
 /**
@@ -29,6 +31,7 @@
    */
   public static function getSubscribedEvents() {
     $events[RoutingEvents::ALTER] = 'onAlterRoutes';
+    $events[KernelEvents::RESPONSE] = 'CORSResponseHeaders';
     return $events;
   }
 
@@ -43,4 +46,19 @@ public function onAlterRoutes(RouteBuildEvent $event) {
     $this->alterRoutes($collection);
   }
 
+  /**
+   *
+   * @param \Symfony\Component\HttpKernel\Event\FilterResponseEvent $event
+   *   The route build event.
+   */
+  public function CORSResponseHeaders(FilterResponseEvent $event) {
+    watchdog('rest', 'REST CORS ALLOWED!! 2');
+    $response = $event->getResponse();
+    $request = $event->getRequest();
+    if ($request->getMethod() === 'GET') {
+      $response->headers->set('Access-Control-Allow-Origin', '*');
+      $response->headers->set('Access-Control-Allow-Methods', 'GET');
+    }
+  }
+
 }