diff --git a/api/server/server.go b/api/server/server.go
index d77a6c22a2..16e5085148 100644
--- a/api/server/server.go
+++ b/api/server/server.go
@@ -1167,7 +1167,7 @@ func optionsHandler(eng *engine.Engine, version version.Version, w http.Response
 }
 func writeCorsHeaders(w http.ResponseWriter, r *http.Request) {
 	w.Header().Add("Access-Control-Allow-Origin", "*")
-	w.Header().Add("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept")
+	w.Header().Add("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, X-Registry-Auth")
 	w.Header().Add("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS")
 }
 
diff --git a/integration/api_test.go b/integration/api_test.go
index 6bb340d53b..8e45f89282 100644
--- a/integration/api_test.go
+++ b/integration/api_test.go
@@ -785,8 +785,8 @@ func TestGetEnabledCors(t *testing.T) {
 	if allowOrigin != "*" {
 		t.Errorf("Expected header Access-Control-Allow-Origin to be \"*\", %s found.", allowOrigin)
 	}
-	if allowHeaders != "Origin, X-Requested-With, Content-Type, Accept" {
-		t.Errorf("Expected header Access-Control-Allow-Headers to be \"Origin, X-Requested-With, Content-Type, Accept\", %s found.", allowHeaders)
+	if allowHeaders != "Origin, X-Requested-With, Content-Type, Accept, X-Registry-Auth" {
+		t.Errorf("Expected header Access-Control-Allow-Headers to be \"Origin, X-Requested-With, Content-Type, Accept, X-Registry-Auth\", %s found.", allowHeaders)
 	}
 	if allowMethods != "GET, POST, DELETE, PUT, OPTIONS" {
 		t.Errorf("Expected hearder Access-Control-Allow-Methods to be \"GET, POST, DELETE, PUT, OPTIONS\", %s found.", allowMethods)