diff --git a/Makefile b/Makefile
index 2b987c4b..036ae1b4 100644
--- a/Makefile
+++ b/Makefile
@@ -195,12 +195,9 @@ thinkhazard/static/build/%.css: $(LESS_FILES) .build/node_modules.timestamp
 
 .build/venv:
 	mkdir -p $(dir $@)
-	# make a first virtualenv to get a recent version of virtualenv
-	virtualenv venv
-	venv/bin/pip install virtualenv
-	venv/bin/virtualenv .build/venv
-	# remove the temporary virtualenv
-	rm -rf venv
+	virtualenv --setuptools .build/venv
+	.build/venv/bin/pip install pip==8.1.1
+	.build/venv/bin/pip install setuptools==20.3.1
 
 .build/node_modules.timestamp: package.json
 	mkdir -p $(dir $@)
@@ -215,7 +212,8 @@ thinkhazard/static/build/%.css: $(LESS_FILES) .build/node_modules.timestamp
 .build/requirements.timestamp: .build/venv setup.py requirements.txt
 	mkdir -p $(dir $@)
 	.build/venv/bin/pip install numpy==1.10.1
-	.build/venv/bin/pip install -r requirements.txt
+	.build/venv/bin/pip install -r freeze.txt
+	.build/venv/bin/pip install -e .
 	touch $@
 
 .build/flake8.timestamp: $(PY_FILES)
diff --git a/freeze.txt b/freeze.txt
new file mode 100644
index 00000000..3de6103c
--- /dev/null
+++ b/freeze.txt
@@ -0,0 +1,64 @@
+affine==1.2.0
+alembic==0.8.10
+APScheduler==3.0.5
+Babel==2.3.4
+beautifulsoup4==4.4.1
+Chameleon==3.1
+click==6.3
+click-plugins==1.0.3
+cligj==0.4.0
+colorlog==2.6.1
+cssselect==0.9.1
+enum34==1.1.2
+futures==3.0.5
+GeoAlchemy2==0.2.6
+geojson==1.3.2
+httplib2==0.9.2
+Jinja2==2.9.5
+lingua==4.12
+lxml==3.6.0
+Mako==1.0.4
+Markdown==2.6.5
+MarkupSafe==0.23
+mock==3.0.5
+nose==1.3.7
+numpy==1.10.1
+papyrus==2.0.dev3
+Paste==2.0.2
+PasteDeploy==1.5.2
+polib==1.0.8
+psycopg2==2.8.4
+Pygments==2.1.3
+pyparsing==2.1.0
+pyproj==1.9.4
+pyquery==1.2.9
+pyramid==1.6a2
+pyramid-debugtoolbar==2.4.2
+pyramid-jinja2==2.6.2
+pyramid-mako==1.0.2
+pyramid-tm==0.12.1
+python-editor==1.0
+pytidylib==0.3.2
+pytz==2016.2
+PyYAML==3.11
+rasterio==0.30.0
+repoze.lru==0.6
+requests==2.14.2
+Shapely==1.5.13
+simplejson==3.8.2
+six==1.10.0
+slugify==0.0.1
+snuggs==1.3.1
+SQLAlchemy==1.0.12
+transaction==1.4.4
+transifex-client==0.12.2
+translationstring==1.3
+tzlocal==1.2.2
+urllib3==1.21.1
+venusian==1.0
+waitress==0.8.10
+WebOb==1.6.0
+WebTest==2.0.18
+zope.deprecation==4.1.2
+zope.interface==4.1.3
+zope.sqlalchemy==0.7.6
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index d7151b6e..ef51dc74 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -10,4 +10,5 @@ lingua==4.12
 transifex-client==0.12.2
 jinja2==2.9.5
 requests==2.14.2
+zope.sqlalchemy==0.7.6
 -e .
diff --git a/thinkhazard/scripts/import.py b/thinkhazard/scripts/import.py
index e8a12c0f..ccbccfa6 100644
--- a/thinkhazard/scripts/import.py
+++ b/thinkhazard/scripts/import.py
@@ -262,7 +262,7 @@ def import_recommendations(argv=sys.argv):
                 # the other columns are hazard category (type / level)
                 for col_index in range(1, 28):
                     value = row[col_index]
-                    if value is not '' and value is not 'Y':
+                    if value != '' and value != 'Y':
                         association = hctra(order=value)
                         association.hazardcategory = categories[col_index - 1]
                         associations.append(association)
@@ -385,8 +385,8 @@ def import_contacts(argv=sys.argv):
                     url = unicode(row[10 + offset].decode('latin1'))
                     phone = unicode(row[11 + offset].decode('latin1'))
                     email = unicode(row[12 + offset].decode('latin1'))
-                    if name is '' and url is '' and \
-                       phone is '' and email is '':
+                    if name == '' and url == '' and \
+                       phone == '' and email == '':
                         continue
 
                     contact = DBSession.query(Contact) \
diff --git a/thinkhazard/views/api.py b/thinkhazard/views/api.py
index 2867d811..8aa52046 100644
--- a/thinkhazard/views/api.py
+++ b/thinkhazard/views/api.py
@@ -33,8 +33,28 @@
     HazardLevel,
     )
 
+cors_policy = {
+    'Access-Control-Allow-Origin': '*',
+    'Access-Control-Allow-Methods': 'GET',
+}
 
-@view_config(route_name='api_hazardcategory', renderer='json')
+
+def cors_headers(cors_policy):
+
+    def add_cors_headers(view_callable):
+
+        def wrapper(context, request):
+            request.response.headers.update(cors_policy)
+            return view_callable(context, request)
+
+        return wrapper
+
+    return add_cors_headers
+
+
+@view_config(route_name='api_hazardcategory',
+             decorator=cors_headers(cors_policy),
+             renderer='json')
 def api_hazardcategory(request):
     hazard_type = request.matchdict['hazard_type']
     hazard_level = request.matchdict['hazard_level']
@@ -54,7 +74,9 @@ def api_hazardcategory(request):
     }
 
 
-@view_config(route_name='api_admindiv_hazardsets_hazardtype', renderer='json')
+@view_config(route_name='api_admindiv_hazardsets_hazardtype',
+             decorator=cors_headers(cors_policy),
+             renderer='json')
 def api_admindiv_hazardsets_hazardtype(request):
     data = admindiv_hazardsets_hazardtype(request)
     return data