diff --git a/app.js b/app.js
index 9d5b1fbb..241c0920 100644
--- a/app.js
+++ b/app.js
@@ -12,6 +12,7 @@ if( peliasConfig.accessLog ){
 
 app.use( require('./middleware/headers') );
 app.use( require('./middleware/cors') );
+app.use( require('./middleware/options') );
 app.use( require('./middleware/jsonp') );
 
 /** ----------------------- routes ----------------------- **/
diff --git a/middleware/cors.js b/middleware/cors.js
index 257bef4b..d090f46f 100644
--- a/middleware/cors.js
+++ b/middleware/cors.js
@@ -1,7 +1,7 @@
 
 function middleware(req, res, next){
   res.header('Access-Control-Allow-Origin', '*');
-  res.header('Access-Control-Allow-Methods', 'GET');
+  res.header('Access-Control-Allow-Methods', 'GET, OPTIONS');
   res.header('Access-Control-Allow-Headers', 'X-Requested-With,content-type');
   res.header('Access-Control-Allow-Credentials', true);
   next();
diff --git a/middleware/options.js b/middleware/options.js
new file mode 100644
index 00000000..57c0e1eb
--- /dev/null
+++ b/middleware/options.js
@@ -0,0 +1,18 @@
+
+/**
+  this functionality is required by CORS as the browser will send an
+  HTTP OPTIONS request before performing the CORS request.
+
+  if the OPTIONS request returns a non-200 status code then the 
+  transaction will fail.
+**/
+
+function middleware(req, res, next){
+  if( req.method === 'OPTIONS' ){
+    res.send(200);
+  } else {
+    next();
+  }
+}
+
+module.exports = middleware;
\ No newline at end of file