diff --git a/lib/index.ts b/lib/index.ts
index 3ecdcfb8dc..f5cfedf278 100644
--- a/lib/index.ts
+++ b/lib/index.ts
@@ -40,6 +40,7 @@ import {
   SecondArg,
 } from "./typed-events";
 import { patchAdapter, restoreAdapter, serveFile } from "./uws";
+import corsMiddleware from "cors";
 
 const debug = debugModule("socket.io:server");
 
@@ -202,6 +203,11 @@ export class Server<
    */
   _connectTimeout: number;
   private httpServer: http.Server | HTTPSServer | Http2SecureServer;
+  private _corsMiddleware: (
+    req: http.IncomingMessage,
+    res: http.ServerResponse,
+    next: () => void
+  ) => void;
 
   /**
    * Server constructor.
@@ -267,6 +273,10 @@ export class Server<
       this.attach(
         srv as http.Server | HTTPSServer | Http2SecureServer | number
       );
+
+    if (this.opts.cors) {
+      this._corsMiddleware = corsMiddleware(this.opts.cors);
+    }
   }
 
   get _opts() {
@@ -548,7 +558,13 @@ export class Server<
     srv.removeAllListeners("request");
     srv.on("request", (req, res) => {
       if (this.clientPathRegex.test(req.url!)) {
-        this.serve(req, res);
+        if (this._corsMiddleware) {
+          this._corsMiddleware(req, res, () => {
+            this.serve(req, res);
+          });
+        } else {
+          this.serve(req, res);
+        }
       } else {
         for (let i = 0; i < evs.length; i++) {
           evs[i].call(srv, req, res);
diff --git a/package-lock.json b/package-lock.json
index 47ae4ccdfc..20ba514a80 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -11,6 +11,7 @@
       "dependencies": {
         "accepts": "~1.3.4",
         "base64id": "~2.0.0",
+        "cors": "~2.8.5",
         "debug": "~4.3.2",
         "engine.io": "~6.5.0",
         "socket.io-adapter": "~2.5.2",
@@ -7421,7 +7422,7 @@
     "uWebSockets.js": {
       "version": "git+https://git@github.com/uNetworking/uWebSockets.js.git#d39d4181daf5b670d44cbc1b18f8c28c85fd4142",
       "dev": true,
-      "from": "uWebSockets.js@uNetworking/uWebSockets.js#v20.30.0"
+      "from": "uWebSockets.js@github:uNetworking/uWebSockets.js#v20.30.0"
     },
     "v8-compile-cache-lib": {
       "version": "3.0.1",
diff --git a/package.json b/package.json
index 23d7c422bd..5523cbf444 100644
--- a/package.json
+++ b/package.json
@@ -48,6 +48,7 @@
   "dependencies": {
     "accepts": "~1.3.4",
     "base64id": "~2.0.0",
+    "cors": "~2.8.5",
     "debug": "~4.3.2",
     "engine.io": "~6.5.0",
     "socket.io-adapter": "~2.5.2",
diff --git a/test/server-attachment.ts b/test/server-attachment.ts
index 9628d306b0..98d005a3d9 100644
--- a/test/server-attachment.ts
+++ b/test/server-attachment.ts
@@ -70,6 +70,27 @@ describe("server attachment", () => {
         });
     });
 
+    it("should serve client with necessary CORS headers", (done) => {
+      const srv = createServer();
+      new Server(srv, {
+        cors: {
+          origin: "https://good-origin.com",
+        },
+      });
+      request(srv)
+        .get("/socket.io/socket.io.js")
+        .set("origin", "https://good-origin.com")
+        .buffer(true)
+        .end((err, res) => {
+          if (err) return done(err);
+          expect(res.headers["access-control-allow-origin"]).to.be(
+            "https://good-origin.com"
+          );
+          expect(res.status).to.be(200);
+          done();
+        });
+    });
+
     it(
       "should serve bundle with msgpack parser",
       testSource("socket.io.msgpack.min.js")