diff --git a/src/cors.rs b/src/cors.rs
index d4d5dd4..c2cefe6 100644
--- a/src/cors.rs
+++ b/src/cors.rs
@@ -1,6 +1,7 @@
 use rocket::fairing::{Fairing, Info, Kind};
 use rocket::http::Header;
 use rocket::{Request, Response};
+use std::path::PathBuf;
 
 pub struct CORS {
     pub whitelist: Vec<String>,
@@ -22,9 +23,19 @@ impl Fairing for CORS {
             .and_then(|origin| self.whitelist.contains(&origin.to_string()).then(|| origin))
             .and_then(|origin| {
                 response.set_header(Header::new("Access-Control-Allow-Origin", origin));
-                response.set_header(Header::new("Access-Control-Allow-Methods", "POST, GET"));
+                response.set_header(Header::new(
+                    "Access-Control-Allow-Methods",
+                    "POST, GET, OPTIONS",
+                ));
                 response.set_header(Header::new("Access-Control-Allow-Credentials", "true"));
+                response.set_header(Header::new(
+                    "Access-Control-Allow-Headers",
+                    "User-Token, Content-Type",
+                ));
                 Some(())
             });
     }
 }
+
+#[options("/<_path..>")]
+pub async fn options_handler(_path: PathBuf) {}
diff --git a/src/main.rs b/src/main.rs
index 5193705..74f5a31 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -81,6 +81,7 @@ async fn main() -> Result<(), rocket::Error> {
                 api::operation::set_auto_block,
                 api::vote::vote,
                 api::upload::ipfs_upload,
+                cors::options_handler,
             ],
         )
         .mount(