diff --git a/changelog/unreleased/add-header-to-cors-handler.md b/changelog/unreleased/add-header-to-cors-handler.md
new file mode 100644
index 00000000000..5f6f4aa62f0
--- /dev/null
+++ b/changelog/unreleased/add-header-to-cors-handler.md
@@ -0,0 +1,5 @@
+Change: Add header to cors handler 
+
+The `x-requested-with` header was added to allow ajax requests.
+
+https://github.com/owncloud/ocis-pkg/issues/41
diff --git a/middleware/header.go b/middleware/header.go
index 4eb02dab8f1..0b311ac6033 100644
--- a/middleware/header.go
+++ b/middleware/header.go
@@ -24,7 +24,7 @@ func Cors(next http.Handler) http.Handler {
 		} else {
 			w.Header().Set("Access-Control-Allow-Origin", "*")
 			w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS")
-			w.Header().Set("Access-Control-Allow-Headers", "authorization, origin, content-type, accept")
+			w.Header().Set("Access-Control-Allow-Headers", "authorization, origin, content-type, accept, x-requested-with")
 			w.Header().Set("Allow", "HEAD, GET, POST, PUT, PATCH, DELETE, OPTIONS")
 
 			w.WriteHeader(http.StatusOK)