diff --git a/app.js b/app.js
index c5fe8f3..56047b8 100644
--- a/app.js
+++ b/app.js
@@ -17,10 +17,11 @@ var app = express();
 const corsOptions = {
   origin: '*',  // Allow requests only from your frontend's origin
   methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],  // Allow these HTTP methods
-  allowedHeaders: ['Content-Type', 'Authorization'],  // Allow these headers
+  allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'],  // Allow these headers
   credentials: true  // Allow credentials if you are using them (e.g., cookies, authentication)
 };
 app.use(cors(corsOptions));
+app.options('*', cors(corsOptions)); // Handle preflight requests
 
 // view engine setup
 app.set('views', path.join(__dirname, 'views'));