diff --git a/CHANGELOG.md b/CHANGELOG.md
index 73d9528a0..59a923b01 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,12 @@
 
 Notable changes to Mailpit will be documented in this file.
 
+## [v1.6.5]
+
+### Feature
+- Add Access-Control-Allow-Methods methods when CORS origin is set
+
+
 ## [v1.6.4]
 
 ### Bugfix
diff --git a/server/server.go b/server/server.go
index 387fd3686..4d3fb8f11 100644
--- a/server/server.go
+++ b/server/server.go
@@ -122,6 +122,7 @@ func middleWareFunc(fn http.HandlerFunc) http.HandlerFunc {
 
 		if AccessControlAllowOrigin != "" && strings.HasPrefix(r.RequestURI, config.Webroot+"api/") {
 			w.Header().Set("Access-Control-Allow-Origin", AccessControlAllowOrigin)
+			w.Header().Set("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT")
 		}
 
 		if config.UIAuthFile != "" {
@@ -159,6 +160,7 @@ func middlewareHandler(h http.Handler) http.Handler {
 
 		if AccessControlAllowOrigin != "" && strings.HasPrefix(r.RequestURI, config.Webroot+"api/") {
 			w.Header().Set("Access-Control-Allow-Origin", AccessControlAllowOrigin)
+			w.Header().Set("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT")
 		}
 
 		if config.UIAuthFile != "" {