diff --git a/server/Auth.js b/server/Auth.js
index 08198169..9736e1fd 100644
--- a/server/Auth.js
+++ b/server/Auth.js
@@ -20,7 +20,9 @@ class Auth {
 cors(req, res, next) {
 res.header('Access-Control-Allow-Origin', '*')
 res.header("Access-Control-Allow-Methods", 'GET, POST, PATCH, PUT, DELETE, OPTIONS')
- res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Accept-Encoding, Range, Authorization")
+ res.header('Access-Control-Allow-Headers', '*')
+ // TODO: Make sure allowing all headers is not a security concern. It is required for adding custom headers for SSO
+ // res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Accept-Encoding, Range, Authorization")
 res.header('Access-Control-Allow-Credentials', true)
 if (req.method === 'OPTIONS') {
 res.sendStatus(200)
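Review bot: The wildcard on the new `Access-Control-Allow-Headers` line does not cover the `Authorization` header that the replaced explicit list named, and browsers treat `*` as a literal header name rather than a wildcard when the request is sent with credentials (which this handler advertises via `Access-Control-Allow-Credentials: true`), so preflights for authenticated or credentialed calls can start failing instead of gaining the SSO headers. A form that admits whatever custom headers the SSO flow needs without dropping `Authorization` is to reflect the preflight request: `res.header('Access-Control-Allow-Headers', req.header('Access-Control-Request-Headers') || 'Origin, X-Requested-With, Content-Type, Accept, Accept-Encoding, Range, Authorization')`. On the TODO itself: with the origin already set to `*`, broadening the allowed headers adds essentially no server-side exposure, because CORS is a browser-enforced restriction and non-browser clients were never bound by it, so the real risk of this hunk is functional rather than security; once that is settled the commented-out old line should be deleted rather than kept. Separately, browsers ignore `Access-Control-Allow-Credentials: true` when the origin is `*`, a pre-existing inconsistency this hunk does not introduce but that the same TODO should probably cover.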