diff --git a/pkg/api/controller.go b/pkg/api/controller.go
index 2f6d4b43..b9f747bd 100644
--- a/pkg/api/controller.go
+++ b/pkg/api/controller.go
@@ -78,7 +78,7 @@ func (c *Controller) CORSHandler(response http.ResponseWriter, request *http.Req
 	}
 
 	response.Header().Set("Access-Control-Allow-Methods", "HEAD,GET,POST,OPTIONS")
-	response.Header().Set("Access-Control-Allow-Headers", "Authorization")
+	response.Header().Set("Access-Control-Allow-Headers", "Authorization,content-type")
 }
 
 func DumpRuntimeParams(log log.Logger) {
diff --git a/pkg/api/controller_test.go b/pkg/api/controller_test.go
index edf0424c..359958f3 100644
--- a/pkg/api/controller_test.go
+++ b/pkg/api/controller_test.go
@@ -269,7 +269,7 @@ func TestHtpasswdSingleCred(t *testing.T) {
 				So(resp, ShouldNotBeNil)
 				So(resp.StatusCode(), ShouldEqual, http.StatusOK)
 
-				header := []string{"Authorization"}
+				header := []string{"Authorization,content-type"}
 
 				resp, _ = resty.R().SetBasicAuth(user, password).Options(baseURL + "/v2/")
 				So(resp, ShouldNotBeNil)