diff --git a/.gitignore b/.gitignore
index 82cfc4e..24d593c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,6 @@
 .idea
 composer.lock
 vendor
+/nbproject/private/
+/nbproject/project.properties
+/nbproject/project.xml
diff --git a/source/Jacwright/RestServer/RestServer.php b/source/Jacwright/RestServer/RestServer.php
index f5e1163..f5534af 100755
--- a/source/Jacwright/RestServer/RestServer.php
+++ b/source/Jacwright/RestServer/RestServer.php
@@ -56,6 +56,7 @@ class RestServer {
 public $useCors = false;
 public $allowedOrigin = '*';
+ public $allowedHeaders = '';
 protected $data = null; // special parameter for post data
 protected $query = null; // special parameter for query string
@@ -135,11 +136,19 @@ public function handle() {
 list($obj, $method, $params, $this->params, $noAuth) = $this->findUrl();
 if ($obj) {
- if (is_string($obj) && !($obj = $this->instantiateClass($obj))) {
- throw new Exception("Class $obj does not exist");
+ if (is_string($obj)) {
+ $newObj = $this->instantiateClass($obj);
+ if (!$newObj) {
+ throw new Exception("Class $obj does not exist");
+ }
+ $obj = $newObj;
 }
- $obj->server = $this;
+ if (is_object($obj)) {
+ $obj->server = $this;
+ } else {
+ throw new Exception("Class $obj does not exist");
+ }
 try {
 $this->initClass($obj);
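Review bot: The new `$allowedHeaders` property in the `class RestServer` hunk defaults to `''`, but the `corsHeaders()` hunk only uses it when `is_array()` is true, so a string value such as `'X-Api-Key'` is silently ignored. Declaring it as `public $allowedHeaders = array();` makes the expected type visible at the declaration. A short comment above it, e.g. `// extra request header names appended to Access-Control-Allow-Headers; array of strings`, would tell integrators what to assign.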
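Review bot: In the `handle()` hunk the new `else` branch reuses the message `"Class $obj does not exist"` for a value that is by then neither a class-name string nor an object, so the text is inaccurate and an array would render as `Array` with a conversion notice. A message that states the real condition is safer, e.g. `throw new Exception('Route handler must be an object or a class name, got ' . gettype($obj));`. Both throws sit before the `try {` at the end of the hunk; how these exceptions are reported is outside the hunk, and if the message reaches the client it discloses internal class names. `handle()` starts and ends outside the hunk.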
@@ -567,12 +576,17 @@ private function corsHeaders() {
 if (in_array($currentOrigin, $allowedOrigin)) {
 $allowedOrigin = array($currentOrigin); // array ; if there is a match then only one is enough
 }
+ // test if we want to add custome headers to Access-Control-Allow-Headers
+ $customHeaders = '';
+ if (is_array($this->allowedHeaders) && !empty($this->allowedHeaders)) {
+ $customHeaders = ", ".implode(", ",$this->allowedHeaders);
+ }
 foreach($allowedOrigin as $allowed_origin) { // to support multiple origins
 header("Access-Control-Allow-Origin: $allowed_origin");
 }
 header('Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS');
 header('Access-Control-Allow-Credential: true');
- header('Access-Control-Allow-Headers: X-Requested-With, content-type, access-control-allow-origin, access-control-allow-methods, access-control-allow-headers, Authorization');
+ header('Access-Control-Allow-Headers: X-Requested-With, content-type, access-control-allow-origin, access-control-allow-methods, access-control-allow-headers, Authorization'.$customHeaders);
 }
 private $codes = array(
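Review bot: The entries of `$this->allowedHeaders` are joined into `Access-Control-Allow-Headers` verbatim, with no check that each one is a plain header name. An empty string or an entry containing a comma or whitespace produces a malformed list, and every accepted entry widens what cross-origin scripts may send, which matters because the context lines above appear to echo back a matching origin. Filter before the `implode`, for example `$extra = array_filter($this->allowedHeaders, function ($h) { return is_string($h) && preg_match('/^[A-Za-z0-9_-]+$/', $h); });`, and note in the comment that the list must come from static configuration, never from request data. The added comment also has a typo (`custome`), and `corsHeaders()` begins outside the hunk.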