diff --git a/server/http.go b/server/http.go
index aef46426b637c57db788c06b4b556064a5b838db..0a7646ed10498d4e59284d474884b0fbd7bbdd6d 100644
--- a/server/http.go
+++ b/server/http.go
@@ -445,6 +445,7 @@ func (h *Server) Handler() http.Handler {
 	// Add CORS headers on the main SSO API endpoint.
 	c := cors.New(cors.Options{
 		AllowedOrigins:   h.allowedOrigins,
+		AllowedHeaders:   []string{"*"},
 		AllowCredentials: true,
 		MaxAge:           86400,
 	})