diff --git a/src/server.rs b/src/server.rs
index 880d324..980b901 100644
--- a/src/server.rs
+++ b/src/server.rs
@@ -1286,17 +1286,15 @@ fn add_cors(res: &mut Response) {
         .typed_insert(AccessControlAllowCredentials);
     res.headers_mut().insert(
         "Access-Control-Allow-Methods",
-        HeaderValue::from_static("GET,HEAD,PUT,OPTIONS,DELETE,PROPFIND,COPY,MOVE"),
+        HeaderValue::from_static("*"),
     );
     res.headers_mut().insert(
         "Access-Control-Allow-Headers",
-        HeaderValue::from_static("Authorization,Destination,Range,Content-Type"),
+        HeaderValue::from_static("Authorization,*"),
     );
     res.headers_mut().insert(
         "Access-Control-Expose-Headers",
-        HeaderValue::from_static(
-            "WWW-Authenticate,Content-Range,Accept-Ranges,Content-Disposition",
-        ),
+        HeaderValue::from_static("Authorization,*"),
     );
 }
 
diff --git a/tests/cors.rs b/tests/cors.rs
index d6ed521..54e12f6 100644
--- a/tests/cors.rs
+++ b/tests/cors.rs
@@ -19,15 +19,15 @@ fn cors(#[with(&["--enable-cors"])] server: TestServer) -> Result<(), Error> {
     );
     assert_eq!(
         resp.headers().get("access-control-allow-methods").unwrap(),
-        "GET,HEAD,PUT,OPTIONS,DELETE,PROPFIND,COPY,MOVE"
+        "*"
     );
     assert_eq!(
         resp.headers().get("access-control-allow-headers").unwrap(),
-        "Authorization,Destination,Range,Content-Type"
+        "Authorization,*"
     );
     assert_eq!(
         resp.headers().get("access-control-expose-headers").unwrap(),
-        "WWW-Authenticate,Content-Range,Accept-Ranges,Content-Disposition"
+        "Authorization,*"
     );
     Ok(())
 }