diff --git a/nodes/node_balancer/cmd/nodebalancer/middleware.go b/nodes/node_balancer/cmd/nodebalancer/middleware.go
index ff0783ca..0eca1c47 100644
--- a/nodes/node_balancer/cmd/nodebalancer/middleware.go
+++ b/nodes/node_balancer/cmd/nodebalancer/middleware.go
@@ -359,16 +359,18 @@ func panicMiddleware(next http.Handler) http.Handler {
 // CORS middleware
 func corsMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		for _, allowedOrigin := range strings.Split(MOONSTREAM_CORS_ALLOWED_ORIGINS, ",") {
-			if r.Header.Get("Origin") == allowedOrigin {
-				w.Header().Set("Access-Control-Allow-Origin", allowedOrigin)
+		if r.Method == http.MethodOptions {
+			for _, allowedOrigin := range strings.Split(MOONSTREAM_CORS_ALLOWED_ORIGINS, ",") {
+				if r.Header.Get("Origin") == allowedOrigin {
+					w.Header().Set("Access-Control-Allow-Origin", allowedOrigin)
+					w.Header().Set("Access-Control-Allow-Methods", "GET,POST")
+					// Credentials are cookies, authorization headers, or TLS client certificates
+					w.Header().Set("Access-Control-Allow-Credentials", "true")
+					w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type")
+				}
 			}
-		}
-		if r.Method == "OPTIONS" {
-			w.Header().Set("Access-Control-Allow-Methods", "GET,POST,OPTIONS")
-			// Credentials are cookies, authorization headers, or TLS client certificates
-			w.Header().Set("Access-Control-Allow-Credentials", "true")
-			w.Header().Set("Access-Control-Allow-Headers", "Authorization")
+			w.WriteHeader(http.StatusNoContent)
+			return
 		}
 		next.ServeHTTP(w, r)
 	})