diff --git a/lib/http/middleware.go b/lib/http/middleware.go
index e7e4582b3..3ee5c0cdc 100644
--- a/lib/http/middleware.go
+++ b/lib/http/middleware.go
@@ -183,8 +183,8 @@ func MiddlewareCORS(allowOrigin string) Middleware {
 
 			if allowOrigin != "" {
 				w.Header().Add("Access-Control-Allow-Origin", allowOrigin)
-				w.Header().Add("Access-Control-Request-Method", "POST, OPTIONS, GET, HEAD")
 				w.Header().Add("Access-Control-Allow-Headers", "authorization, Content-Type")
+				w.Header().Add("Access-Control-Allow-Methods", "COPY, DELETE, GET, HEAD, LOCK, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, TRACE, UNLOCK")
 			}
 
 			next.ServeHTTP(w, r)
diff --git a/lib/http/middleware_test.go b/lib/http/middleware_test.go
index 283848f94..15d0b0525 100644
--- a/lib/http/middleware_test.go
+++ b/lib/http/middleware_test.go
@@ -323,8 +323,8 @@ func TestMiddlewareAuthCertificateUser(t *testing.T) {
 
 var _testCORSHeaderKeys = []string{
 	"Access-Control-Allow-Origin",
-	"Access-Control-Request-Method",
 	"Access-Control-Allow-Headers",
+	"Access-Control-Allow-Methods",
 }
 
 func TestMiddlewareCORS(t *testing.T) {