diff --git a/doc/source/topics/settings.rst b/doc/source/topics/settings.rst
old mode 100644
new mode 100755
index 09386f122..2be11ae8c
--- a/doc/source/topics/settings.rst
+++ b/doc/source/topics/settings.rst
@@ -567,6 +567,16 @@ This setting sets the maximum number of items displayed in a dropdown.
 Dropdowns that limit based on this value need to support a way to observe the
 entire list.
 
+``ENABLE_CLIENT_TOKEN``
+--------------------------
+
+.. versionadded:: 10.0.0(Newton)
+
+Default: ``True``
+
+This setting will Enable/Disable access to the Keystone Token to the
+browser.
+
 ``ENFORCE_PASSWORD_CHECK``
 --------------------------
 
diff --git a/openstack_dashboard/api/rest/keystone.py b/openstack_dashboard/api/rest/keystone.py
index 5ddb0b7b7..5262b0454 100644
--- a/openstack_dashboard/api/rest/keystone.py
+++ b/openstack_dashboard/api/rest/keystone.py
@@ -14,6 +14,7 @@
 """API over the keystone service.
 """
 
+from django.conf import settings
 import django.http
 from django.views import generic
 
@@ -562,7 +563,10 @@ class UserSession(generic.View):
     def get(self, request):
         """Get the current user session.
         """
-        return {k: getattr(request.user, k, None) for k in self.allowed_fields}
+        res = {k: getattr(request.user, k, None) for k in self.allowed_fields}
+        if getattr(settings, 'ENABLE_CLIENT_TOKEN', True):
+            res['token'] = request.user.token.id
+        return res
 
 
 @urls.register
diff --git a/openstack_dashboard/test/api_tests/keystone_rest_tests.py b/openstack_dashboard/test/api_tests/keystone_rest_tests.py
index 4009115a1..269e5275a 100644
--- a/openstack_dashboard/test/api_tests/keystone_rest_tests.py
+++ b/openstack_dashboard/test/api_tests/keystone_rest_tests.py
@@ -662,6 +662,7 @@ class KeystoneRestTestCase(test.TestCase):
         request.user = mock.Mock(
             services_region='some region',
             super_secret_thing='not here',
+            token=type('', (object,), {'id': 'token here'}),
             is_authenticated=lambda: True,
             spec=['services_region', 'super_secret_thing']
         )
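Review bot: The new `res['token'] = request.user.token.id` line in UserSession.get assumes `request.user.token` is always present, whereas every other field in this view is read with `getattr(request.user, k, None)`; a session without a token object would raise AttributeError and become a 500 instead of a well-formed JSON reply. Reading it the same defensive way keeps the response shape stable: `token = getattr(request.user, 'token', None)` followed by `res['token'] = token.id if token is not None else None`. Because the token is now readable by any script executing in the page, this GET response should also not be cacheable; if the endpoint does not already send `Cache-Control: no-store` (not visible in the hunk), that is worth adding alongside the setting. Only the `get` method is visible here; the rest of the UserSession class lies outside the hunk.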
@@ -669,6 +670,7 @@ class KeystoneRestTestCase(test.TestCase):
         self.assertStatusCode(response, 200)
         content = jsonutils.loads(response.content)
         self.assertEqual(content['services_region'], 'some region')
+        self.assertEqual(content['token'], 'token here')
         self.assertNotIn('super_secret_thing', content)
 
     #
diff --git a/releasenotes/notes/angular-direct-1b156f152590ab93.yaml b/releasenotes/notes/angular-direct-1b156f152590ab93.yaml
new file mode 100644
index 000000000..a05f6432f
--- /dev/null
+++ b/releasenotes/notes/angular-direct-1b156f152590ab93.yaml
@@ -0,0 +1,17 @@
+---
+prelude: >
+  JavaScript can now access the Keystone Token.
+features:
+  - >
+    Horizon and Horizon Plugins can access the Keystone
+    Token from JavaScript so that they can make CORS
+    calls directly to other OpenStack Services. This
+    can enable much more responsive UI.
+security:
+  - >
+    Making Keystone Tokens available to JavaScript
+    slightly increases the risk of a Token being
+    captured. If you don't need this functionality, it
+    can be disabled by setting the following option
+    in your local_settings:
+    ENABLE_CLIENT_TOKEN = False
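Review bot: The added `self.assertEqual(content['token'], 'token here')` only covers the enabled path; nothing verifies that the `token` key is absent when `ENABLE_CLIENT_TOKEN` is False, which is exactly the behavior the release note tells operators to rely on. A second test that overrides the setting (for example with Django's `override_settings(ENABLE_CLIENT_TOKEN=False)`) and asserts `self.assertNotIn('token', content)` would pin the opt-out. The enclosing test method begins in the previous hunk, so its setup is outside this one.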