diff --git a/nginx/cors.conf b/nginx/cors.conf
index 1182113..03c163d 100644
--- a/nginx/cors.conf
+++ b/nginx/cors.conf
@@ -1,6 +1,7 @@
 if ($request_method = 'OPTIONS') {
   add_header 'Access-Control-Allow-Origin' '*';
   add_header 'Access-Control-Allow-Methods' 'GET, POST, DELETE';
+  add_header 'Access-Control-Allow-Headers', 'Content-Type'
   # cache CORS for 24 hours
   add_header 'Access-Control-Max-Age' 86400;
   # return empty response for preflight
diff --git a/src/middleware/cors.ts b/src/middleware/cors.ts
index 1cda853..e3b71ab 100644
--- a/src/middleware/cors.ts
+++ b/src/middleware/cors.ts
@@ -3,5 +3,6 @@ import { NextFunction, Request, Response } from "express";
 export function corsMiddleware(req: Request, res: Response, next: NextFunction): void {
     res.header("Access-Control-Allow-Origin", "*");
     res.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS, DELETE");
+    res.header("Access-Control-Allow-Headers", "Content-Type");
     next();
 }