diff --git a/templates/app/server/auth(auth)/auth.service.js b/templates/app/server/auth(auth)/auth.service.js
index 5cab4df4c..43de0a3c5 100644
--- a/templates/app/server/auth(auth)/auth.service.js
+++ b/templates/app/server/auth(auth)/auth.service.js
@@ -24,6 +24,10 @@ export function isAuthenticated() {
       if (req.query && req.query.hasOwnProperty('access_token')) {
         req.headers.authorization = 'Bearer ' + req.query.access_token;
       }
+     // IE11 forgets to set Authorization header sometimes. Pull from cookie instead.
+     if (req.query && typeof req.headers.authorization === 'undefined') {
+       req.headers.authorization = 'Bearer ' + req.cookies.token;
+     }
       validateJwt(req, res, next);
     })
     // Attach user to request