diff --git a/synapse/http/server.py b/synapse/http/server.py
index 14715878c5cf77f919a79ce90f886e12fa3790da..7ef3d526b1049b91744be76eaaed2e50a90308d1 100644
--- a/synapse/http/server.py
+++ b/synapse/http/server.py
@@ -412,7 +412,7 @@ def set_cors_headers(request):
     )
     request.setHeader(
         "Access-Control-Allow-Headers",
-        "Origin, X-Requested-With, Content-Type, Accept"
+        "Origin, X-Requested-With, Content-Type, Accept, Authorization"
     )
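Review bot: The widened value on the `Access-Control-Allow-Headers` line carries no comment saying why `Authorization` is now allowed or what keeps that safe. `Authorization` is not a CORS-safelisted request header, so browsers send it cross-origin only when the preflight response lists it; presumably this is meant to let browser clients pass their access token as a header. I would add above this `request.setHeader(` call: `# Authorization: lets browser clients send the access token as a header; only safe while Access-Control-Allow-Credentials stays unset.` The rest of `set_cors_headers`, including the `Access-Control-Allow-Origin` value, lies outside the hunk, so that condition needs confirming there. A preflight (OPTIONS) test asserting the exact header list would pin the behaviour.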