diff --git a/libraries/ESP8266HTTPUpdateServer/src/ESP8266HTTPUpdateServer-impl.h b/libraries/ESP8266HTTPUpdateServer/src/ESP8266HTTPUpdateServer-impl.h
index f40b5928f..570ecfbb1 100644
--- a/libraries/ESP8266HTTPUpdateServer/src/ESP8266HTTPUpdateServer-impl.h
+++ b/libraries/ESP8266HTTPUpdateServer/src/ESP8266HTTPUpdateServer-impl.h
@@ -59,8 +59,24 @@ void ESP8266HTTPUpdateServerTemplate<ServerType>::setup(ESP8266WebServerTemplate
       _server->send_P(200, PSTR("text/html"), serverIndex);
     });
 
+    // handler for the /update form page - preflight options
+    _server->on(path.c_str(), HTTP_OPTIONS, [&](){
+	    _server->sendHeader("Access-Control-Allow-Headers", "*");
+	    _server->sendHeader("Access-Control-Allow-Origin", "*");
+	    _server->send(200, F("text/html"), String(F("y")));
+    },[&](){
+		_authenticated = (_username == emptyString || _password == emptyString || _server->authenticate(_username.c_str(), _password.c_str()));
+      if(!_authenticated){
+        if (_serial_output)
+          Serial.printf("Unauthenticated Update\n");
+        return;
+      }
+    });
+	
     // handler for the /update form POST (once file upload finishes)
     _server->on(path.c_str(), HTTP_POST, [&](){
+	    _server->sendHeader("Access-Control-Allow-Headers", "*");
+	    _server->sendHeader("Access-Control-Allow-Origin", "*");
       if(!_authenticated)
         return _server->requestAuthentication();
       if (Update.hasError()) {