diff --git a/apps/server/src/app.ts b/apps/server/src/app.ts
index d38dddf9ce..0814f7f075 100644
--- a/apps/server/src/app.ts
+++ b/apps/server/src/app.ts
@@ -38,9 +38,10 @@ export default async function buildApp() {
 app.set("view engine", "ejs");
 app.use((req, res, next) => {
- // set CORS header
+ // set CORS headers
 if (config["Network"]["corsAllowOrigin"]) {
 res.header("Access-Control-Allow-Origin", config["Network"]["corsAllowOrigin"]);
+ res.header("Access-Control-Allow-Credentials", "true");
 }
 if (config["Network"]["corsAllowMethods"]) {
 res.header("Access-Control-Allow-Methods", config["Network"]["corsAllowMethods"]);
@@ -49,6 +50,12 @@ export default async function buildApp() {
 res.header("Access-Control-Allow-Headers", config["Network"]["corsAllowHeaders"]);
 }
+ // Handle preflight OPTIONS requests
+ if (req.method === "OPTIONS" && config["Network"]["corsAllowOrigin"]) {
+ res.sendStatus(204);
+ return;
+ }
+
 res.locals.t = t;
 return next();
 });
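Review bot: In the first hunk, `Access-Control-Allow-Credentials: true` is emitted whenever `corsAllowOrigin` is set, so every deployment that already configured an origin now lets that origin send cookie-authenticated requests and read the responses, with no separate opt-in. If the configured value can be `*`, browsers refuse the credentialed response anyway, so the header should at least be skipped in that case: `if (config["Network"]["corsAllowOrigin"] !== "*") res.header("Access-Control-Allow-Credentials", "true");`. A dedicated, default-off setting for credentials would keep the existing trust level unless an operator widens it on purpose. Whether the session cookies carry `SameSite` restrictions is not visible in this hunk, so the practical exposure should be checked against the cookie configuration.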
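Review bot: The preflight branch in the second hunk answers every `OPTIONS` request with 204 once `corsAllowOrigin` is set, not only CORS preflights, so any later route or middleware that handles `OPTIONS` is never reached. Narrowing the condition to requests that carry the preflight header leaves everything else on its normal path: `if (req.method === "OPTIONS" && req.headers["access-control-request-method"] && config["Network"]["corsAllowOrigin"]) {`. A one-line comment such as `// Short-circuit CORS preflights only; other OPTIONS requests continue to the router` would record the intent. `buildApp` starts before and continues after these hunks, so whether other middleware is registered ahead of this one cannot be seen here.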