diff --git a/Cargo.lock b/Cargo.lock
index 4062a094a..5185e48a1 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1630,9 +1630,9 @@ checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575"
 
 [[package]]
 name = "openssl"
-version = "0.10.52"
+version = "0.10.55"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "01b8574602df80f7b85fdfc5392fa884a4e3b3f4f35402c070ab34c3d3f78d56"
+checksum = "345df152bc43501c5eb9e4654ff05f794effb78d4efe3d53abc158baddc0703d"
 dependencies = [
  "bitflags",
  "cfg-if",
@@ -1671,9 +1671,9 @@ dependencies = [
 
 [[package]]
 name = "openssl-sys"
-version = "0.9.87"
+version = "0.9.90"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8e17f59264b2809d77ae94f0e1ebabc434773f370d6ca667bd223ea10e06cc7e"
+checksum = "374533b0e45f3a7ced10fcaeccca020e66656bc03dac384f852e4e5a7a8104a6"
 dependencies = [
  "cc",
  "libc",
diff --git a/Dockerfile b/Dockerfile
old mode 100755
new mode 100644
index 71ffdf5e8..53922cf9a
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,7 +9,7 @@ COPY . .
 RUN CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse cargo build --release --features=vendored-openssl
 
 
-FROM alpine:latest
+FROM alpine:3.18.3
 
 LABEL org.opencontainers.image.description="Blazing fast and lightweight tile server with PostGIS, MBTiles, and PMTiles support"
 
diff --git a/src/srv/server.rs b/src/srv/server.rs
index f1eaeefbb..ee1ad9485 100755
--- a/src/srv/server.rs
+++ b/src/srv/server.rs
@@ -7,7 +7,8 @@ use actix_http::ContentEncoding;
 use actix_web::dev::Server;
 use actix_web::error::ErrorBadRequest;
 use actix_web::http::header::{
-    AcceptEncoding, Encoding as HeaderEnc, HeaderValue, Preference, CACHE_CONTROL, CONTENT_ENCODING,
+    AcceptEncoding, Encoding as HeaderEnc, HeaderValue, Preference, ACCEPT, AUTHORIZATION,
+    CACHE_CONTROL, CONTENT_ENCODING,
 };
 use actix_web::http::Uri;
 use actix_web::middleware::TrailingSlash;
@@ -475,7 +476,8 @@ pub fn new_server(config: SrvConfig, sources: Sources) -> crate::Result<(Server,
 
         let cors_middleware = Cors::default()
             .allow_any_origin()
-            .allowed_methods(vec!["GET"]);
+            .allowed_methods(vec!["GET"])
+            .allowed_headers(vec![AUTHORIZATION, ACCEPT]);
 
         App::new()
             .app_data(Data::new(state))