diff --git a/lib/mvcfronk/mfBase/mfBaseApicontroller.php b/lib/mvcfronk/mfBase/mfBaseApicontroller.php
index a8c82750b..fa27ee762 100644
--- a/lib/mvcfronk/mfBase/mfBaseApicontroller.php
+++ b/lib/mvcfronk/mfBase/mfBaseApicontroller.php
@@ -123,6 +123,14 @@ class mfBaseApicontroller {
     $me->loadByApikey($key);
     
     if(!$me->id) {
+      header("Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS");
+      header("Access-Control-Allow-Headers: X-Api-Key");
+      
+      if(preg_match('#^(https?)://([^/:]+)(:\d+)?/?$#i', $this->headers['origin'], $m)) {
+        $origin_proto = $m[1];
+        $origin_hostname = $m[2];
+        header("Access-Control-Allow-Origin: ".$origin_proto."://".$origin_hostname);
+      }
       $this->return(mfResponse::Unauthorized(['message' => "API key missing or invalid"]));
     }
     $_SESSION[MFAPPNAME.'_username'] = $me->username;