diff --git a/nginx.conf.sigil b/nginx.conf.sigil
index fdb4832b..71d80d47 100644
--- a/nginx.conf.sigil
+++ b/nginx.conf.sigil
@@ -57,14 +57,18 @@ server {
         {{ $proxy_settings }}
         {{ $gzip_settings }}
 
-        # Add CORS headers for all requests
-        add_header 'Access-Control-Allow-Origin' $allow_origin always;
-        add_header 'Access-Control-Allow-Methods' 'POST, GET, OPTIONS' always;
-        add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization' always;
-        add_header 'Access-Control-Allow-Credentials' 'true' always;
+        # Add CORS headers for non-OPTIONS requests
+        add_header 'Access-Control-Allow-Origin' $allow_origin;
+        add_header 'Access-Control-Allow-Methods' 'POST, GET, OPTIONS';
+        add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';
+        add_header 'Access-Control-Allow-Credentials' 'true';
 
         # Handle CORS preflight requests
         if ($request_method = 'OPTIONS') {
+            add_header 'Access-Control-Allow-Origin' $allow_origin always;
+            add_header 'Access-Control-Allow-Methods' 'POST, GET, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization' always;
+            add_header 'Access-Control-Allow-Credentials' 'true' always;
             add_header 'Access-Control-Max-Age' 1728000;
             add_header 'Content-Type' 'text/plain; charset=utf-8';
             add_header 'Content-Length' 0;