diff --git a/config/initializers/08-rack-cors.rb b/config/initializers/08-rack-cors.rb
index b59f22db7a4..8ed2a38e934 100644
--- a/config/initializers/08-rack-cors.rb
+++ b/config/initializers/08-rack-cors.rb
@@ -8,7 +8,17 @@ if GlobalSetting.enable_cors
     end
 
     def call(env)
+      if env['REQUEST_METHOD'] == 'OPTIONS' and env['HTTP_ACCESS_CONTROL_REQUEST_METHOD']
+        return [200, apply_headers(env), []]
+      end
+
       status, headers, body = @app.call(env)
+      [status, apply_headers(env, headers), body]
+    end
+
+    def apply_headers(env, headers=nil)
+      headers ||= {}
+
       origin = nil
       cors_origins = @global_origins || []
       cors_origins += SiteSetting.cors_origins.split('|') if SiteSetting.cors_origins
@@ -22,7 +32,7 @@ if GlobalSetting.enable_cors
         headers['Access-Control-Allow-Credentials'] = "true"
       end
 
-      [status,headers,body]
+      headers
     end
   end