diff --git a/app/Http/Middleware/Cors.php b/app/Http/Middleware/Cors.php
index 9aa52fa164..c67f435fac 100644
--- a/app/Http/Middleware/Cors.php
+++ b/app/Http/Middleware/Cors.php
@@ -6,14 +6,14 @@ use Closure;
 
 class Cors
 {
-    
+
   public function handle($request, Closure $next)
   {
 
     return $next($request)
       ->header('Access-Control-Allow-Origin', '*')
       ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
-      ->header('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, X-Token-Auth, Authorization');
+      ->header('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, X-Token-Auth, Authorization, X-API-TOKEN, X-API-SECRET');
 
   }