diff --git a/application/Api/v1/AddressdbApicontroller.php b/application/Api/v1/AddressdbApicontroller.php
index 8815d5a44..3392240e3 100644
--- a/application/Api/v1/AddressdbApicontroller.php
+++ b/application/Api/v1/AddressdbApicontroller.php
@@ -31,6 +31,13 @@ class AddressdbApicontroller extends mfBaseApicontroller {
   protected function authenticated() {
     $campaignApiusers = PreordercampaignApiuserModel::search(["worker_id" => $this->me->id]);
     
+    if(!$campaignApiusers) {
+      $cau = new PreordercampaignApiuser();
+      $cau->preordercampaign_id = 1;
+      $campaignApiusers = [$cau];
+    }
+      
+    
     foreach($campaignApiusers as $campaignApiuser) {
       $campaign = new Preordercampaign($campaignApiuser->preordercampaign_id);
       if($campaign) {
diff --git a/lib/mvcfronk/mfBase/mfBaseApicontroller.php b/lib/mvcfronk/mfBase/mfBaseApicontroller.php
index 26c3dbc13..88a881310 100644
--- a/lib/mvcfronk/mfBase/mfBaseApicontroller.php
+++ b/lib/mvcfronk/mfBase/mfBaseApicontroller.php
@@ -48,7 +48,7 @@ class mfBaseApicontroller {
     if($this->http_method == "OPTIONS") {
       // dont execute route, OPTIONS only requires CORS headers
       header("Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS");
-      header("Access-Control-Allow-Headers: X-Api-Key");
+      header("Access-Control-Allow-Headers: X-Api-Key, accept, Content-Type");
       
       if(preg_match('#^(https?)://([^/:]+)(:\d+)?/?$#i', $this->headers['origin'], $m)) {
         $origin_proto = $m[1];
@@ -129,7 +129,7 @@ class mfBaseApicontroller {
     
     if(!$me->id) {
       header("Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS");
-      header("Access-Control-Allow-Headers: X-Api-Key");
+      header("Access-Control-Allow-Headers: X-Api-Key, accept, Content-Type");
       
       if(preg_match('#^(https?)://([^/:]+)(:\d+)?/?$#i', $this->headers['origin'], $m)) {
         $origin_proto = $m[1];
@@ -326,7 +326,7 @@ class mfBaseApicontroller {
   
   private function createCorsHeaders() {
     header("Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS");
-    header("Access-Control-Allow-Headers: X-Api-Key");
+    header("Access-Control-Allow-Headers: X-Api-Key, accept, Content-Type");
     
     if(!is_array($this->allowed_origins) || !count($this->allowed_origins)) {
       return true;