diff --git a/src/main/java/cc/pulseapp/api/config/WebSecurityConfig.java b/src/main/java/cc/pulseapp/api/config/WebSecurityConfig.java
index 836f534..e6e0527 100644
--- a/src/main/java/cc/pulseapp/api/config/WebSecurityConfig.java
+++ b/src/main/java/cc/pulseapp/api/config/WebSecurityConfig.java
@@ -49,7 +49,8 @@ public class WebSecurityConfig {
             authentication.setAuthenticated(true); // Mark the session as authenticated
             return authentication;
         });
-        return http.csrf(AbstractHttpConfigurer::disable) // Disable CSRF
+        return http.cors(AbstractHttpConfigurer::disable)
+                .csrf(AbstractHttpConfigurer::disable) // Disable CSRF
                 .sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // No sessions
                 .formLogin(AbstractHttpConfigurer::disable) // Disable form logins
                 .securityMatcher("/**") // Require auth for all routes