diff --git a/modules/api_rest/api_rest.go b/modules/api_rest/api_rest.go
index 69fd3d3b..11da44aa 100644
--- a/modules/api_rest/api_rest.go
+++ b/modules/api_rest/api_rest.go
@@ -172,6 +172,8 @@ func (mod *RestAPI) Configure() error {
 
 router := mux.NewRouter()
 
+ router.Methods("OPTIONS").HandlerFunc(mod.corsRoute)
+
 router.HandleFunc("/api/events", mod.eventsRoute)
 router.HandleFunc("/api/session", mod.sessionRoute)
 router.HandleFunc("/api/session/ble", mod.sessionRoute)
diff --git a/modules/api_rest/api_rest_controller.go b/modules/api_rest/api_rest_controller.go
index e734739b..e9765f19 100644
--- a/modules/api_rest/api_rest_controller.go
+++ b/modules/api_rest/api_rest_controller.go
@@ -41,7 +41,10 @@ func (mod *RestAPI) setSecurityHeaders(w http.ResponseWriter) {
 w.Header().Add("X-Content-Type-Options", "nosniff")
 w.Header().Add("X-XSS-Protection", "1; mode=block")
 w.Header().Add("Referrer-Policy", "same-origin")
+
 w.Header().Set("Access-Control-Allow-Origin", mod.allowOrigin)
+ w.Header().Add("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
+ w.Header().Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
 }
 
 func (mod *RestAPI) checkAuth(r *http.Request) bool {
@@ -190,6 +193,11 @@ func (mod *RestAPI) clearEvents(w http.ResponseWriter, r *http.Request) {
 session.I.Events.Clear()
 }
 
+func (mod *RestAPI) corsRoute(w http.ResponseWriter, r *http.Request) {
+ mod.setSecurityHeaders(w)
+ w.WriteHeader(http.StatusNoContent)
+}
+
 func (mod *RestAPI) sessionRoute(w http.ResponseWriter, r *http.Request) {
 mod.setSecurityHeaders(w)
 
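Review bot: `router.Methods("OPTIONS")` in Configure carries no path matcher and is registered ahead of the HandleFunc routes, so an OPTIONS request to any path, not only the API routes, is answered by corsRoute, which never calls checkAuth. Preflights do have to stay unauthenticated, but scoping the route keeps that exception narrow: `router.PathPrefix("/api/").Methods("OPTIONS").HandlerFunc(mod.corsRoute)`. A short comment above it saying why it comes first and skips authentication would help the next reader. Configure's body continues outside the hunk.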
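Review bot: The added `Access-Control-Allow-Headers` and `Access-Control-Allow-Methods` lines in setSecurityHeaders advertise `Authorization` together with `PUT` and `DELETE` on every response, so cross-origin exposure of the API now rests entirely on `mod.allowOrigin`, which is assigned outside this diff. If that value can be `*`, scripts from any origin that supply valid credentials can call the state-changing endpoints from a browser. That should be documented next to the option, and the CORS headers guarded with `if mod.allowOrigin != "" {` so that nothing is emitted when no origin is configured. Listing only the methods the router actually serves would narrow it further. Using `Set` instead of `Add` for these single-valued headers would match the Allow-Origin line above them.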
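Review bot: corsRoute has no doc comment and, as written, returns 204 without calling checkAuth, which a later reader could take for an omission rather than a decision. I would add `// corsRoute answers CORS preflight (OPTIONS) requests; it skips checkAuth on purpose because browsers send preflights without credentials, and it must never return API data.` above the function. sessionRoute, shown as trailing context, continues outside the hunk.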