diff --git a/config/express.js b/config/express.js
index a096ef7..78b1f43 100644
--- a/config/express.js
+++ b/config/express.js
@@ -36,11 +36,6 @@ module.exports = function(app, historicSync, peerSync) {
 
   if (config.enableEmailstore) {
     var allowCopayCrossDomain = function(req, res, next) {
-      res.header('Access-Control-Allow-Origin', '*');
-      res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
-      res.header('Access-Control-Allow-Headers', 'Content-Type,Authorization');
-
-
       if ('OPTIONS' == req.method) {
         res.send(200);
         res.end();
diff --git a/config/headers.js b/config/headers.js
index 9614cef..3ea1483 100644
--- a/config/headers.js
+++ b/config/headers.js
@@ -6,8 +6,8 @@ module.exports = function(app) {
 
   app.use(function(req, res, next) {
     res.setHeader('Access-Control-Allow-Origin', '*');
-    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');
-    res.setHeader('Access-Control-Allow-Headers', 'X-Requested-With,content-type');
+    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, DELETE');
+    res.setHeader('Access-Control-Allow-Headers', 'X-Requested-With,Content-Type,Authorization');
     next();
   });
 };