diff --git a/src/cors.js b/src/cors.js
index f3617730..dcbf1599 100644
--- a/src/cors.js
+++ b/src/cors.js
@@ -3,7 +3,7 @@ const setAccessControlHeaders = (req, res) => {
   res.header("Access-Control-Allow-Methods", "OPTIONS,POST,GET,PUT,DELETE")
   res.header(
     "Access-Control-Allow-Headers",
-    "Origin, X-Requested-With, Content-Type, Accept, Authorization, public-key-for-decryption, encryption-device-id"
+    "Origin, X-Requested-With, Content-Type, Accept, Authorization, public-key-for-decryption, encryption-device-id, public-key-for-decryption"
   );
 };