diff --git a/internal/http/services/owncloud/ocdav/ocdav.go b/internal/http/services/owncloud/ocdav/ocdav.go
index bebc18070a0..524944ed32c 100644
--- a/internal/http/services/owncloud/ocdav/ocdav.go
+++ b/internal/http/services/owncloud/ocdav/ocdav.go
@@ -116,6 +116,14 @@ type Config struct {
 	MachineAuthAPIKey string `mapstructure:"machine_auth_apikey"`
 }
 
+// CORS defines the available cors configuration.
+type CORS struct {
+	AllowedOrigins   []string `mapstructure:"allow_origins" `
+	AllowedMethods   []string `mapstructure:"allow_methods"`
+	AllowedHeaders   []string `mapstructure:"allow_headers"`
+	AllowCredentials bool     `mapstructure:"allow_credentials"`
+}
+
 func (c *Config) init() {
 	// note: default c.Prefix is an empty string
 	c.GatewaySvc = sharedconf.GetGatewaySVC(c.GatewaySvc)
diff --git a/pkg/micro/ocdav/option.go b/pkg/micro/ocdav/option.go
index 6b80df3287c..939b75c0ca0 100644
--- a/pkg/micro/ocdav/option.go
+++ b/pkg/micro/ocdav/option.go
@@ -56,8 +56,12 @@ type Options struct {
 	MetricsSubsystem string
 
 	// ocdav.* is internal so we need to set config options individually
-	config     ocdav.Config
-	lockSystem ocdav.LockSystem
+	config           ocdav.Config
+	lockSystem       ocdav.LockSystem
+	AllowCredentials bool
+	AllowedOrigins   []string
+	AllowedHeaders   []string
+	AllowedMethods   []string
 }
 
 // newOptions initializes the available default options.
@@ -275,3 +279,31 @@ func MetricsSubsystem(val string) Option {
 		o.MetricsSubsystem = val
 	}
 }
+
+// AllowCredentials provides a function to set the AllowCredentials option.
+func AllowCredentials(val bool) Option {
+	return func(o *Options) {
+		o.AllowCredentials = val
+	}
+}
+
+// AllowedOrigins provides a function to set the AllowedOrigins option.
+func AllowedOrigins(val []string) Option {
+	return func(o *Options) {
+		o.AllowedOrigins = val
+	}
+}
+
+// AllowedMethods provides a function to set the AllowedMethods option.
+func AllowedMethods(val []string) Option {
+	return func(o *Options) {
+		o.AllowedMethods = val
+	}
+}
+
+// AllowedHeaders provides a function to set the AllowedHeaders option.
+func AllowedHeaders(val []string) Option {
+	return func(o *Options) {
+		o.AllowedHeaders = val
+	}
+}
diff --git a/pkg/micro/ocdav/service.go b/pkg/micro/ocdav/service.go
index 1e4208a5cb5..c446d911ec7 100644
--- a/pkg/micro/ocdav/service.go
+++ b/pkg/micro/ocdav/service.go
@@ -24,6 +24,7 @@ import (
 
 	"github.com/cs3org/reva/v2/internal/http/interceptors/appctx"
 	"github.com/cs3org/reva/v2/internal/http/interceptors/auth"
+	cors2 "github.com/cs3org/reva/v2/internal/http/interceptors/cors"
 	revaLogMiddleware "github.com/cs3org/reva/v2/internal/http/interceptors/log"
 	"github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav"
 	"github.com/cs3org/reva/v2/pkg/rgrpc/todo/pool"
@@ -163,6 +164,13 @@ func useMiddlewares(r *chi.Mux, sopts *Options, svc global.Service, tp trace.Tra
 	// log
 	lm := revaLogMiddleware.New()
 
+	cors, _, err := cors2.New(map[string]interface{}{
+		"allow_credentials": sopts.AllowCredentials,
+		"allowed_methods":   sopts.AllowedMethods,
+		"allowed_headers":   sopts.AllowedHeaders,
+		"allowed_origins":   sopts.AllowedOrigins,
+	})
+
 	// tracing
 	tm := func(h http.Handler) http.Handler { return h }
 	if sopts.TracingEnabled {
@@ -201,7 +209,7 @@ func useMiddlewares(r *chi.Mux, sopts *Options, svc global.Service, tp trace.Tra
 	rm := middleware.RequestID
 
 	// actually register
-	r.Use(pm, tm, lm, authMiddle, rm, cm)
+	r.Use(pm, tm, lm, authMiddle, rm, cm, cors)
 	return nil
 }