diff --git a/api/handler/cors.go b/api/handler/cors.go
index 19e4ae80d..de0b24af5 100644
--- a/api/handler/cors.go
+++ b/api/handler/cors.go
@@ -162,6 +162,7 @@ func (h *handler) AppendCORSHeaders(w http.ResponseWriter, r *http.Request) {
 				for _, m := range rule.AllowedMethods {
 					if m == r.Method {
 						w.Header().Set(api.AccessControlAllowOrigin, origin)
+						w.Header().Set(api.AccessControlAllowMethods, strings.Join(rule.AllowedMethods, ", "))
 						w.Header().Set(api.AccessControlAllowCredentials, "true")
 						w.Header().Set(api.Vary, api.Origin)
 						return
@@ -178,6 +179,7 @@ func (h *handler) AppendCORSHeaders(w http.ResponseWriter, r *http.Request) {
 						} else {
 							w.Header().Set(api.AccessControlAllowOrigin, o)
 						}
+						w.Header().Set(api.AccessControlAllowMethods, strings.Join(rule.AllowedMethods, ", "))
 						return
 					}
 				}